Found it - sorry. For anyone curious here's what I found:
You _need_ to have an Order directove for Allow, so:
the .htaccess file reads
AuthName "IPlease authenticate"
AuthType Basic
AuthUserFile /www/.htpasswd
AuthGroupFile /www/.htgroup
Require group internal
Order deny,allow
deny from all
Allow from 10.10.10.0/24
Satisfy any
At 01:01 13.11.2002, Ernest E Vogelsinger said:
[snip]
>Hi folks,
>
>sorry, no PHP or else this time, just a quick OT question (don't want to
>need to subscribe to another mailing list).
>
>I'm just messing around with our Apache config and thought someone could
>give me a quick pointer...
>
>Here we go:
>
>
>AllowOverride AuthConfig Limit
>
>
>The .htaccess file reads
>AuthName "IPlease authenticate"
>AuthType Basic
>AuthUserFile /www/.htpasswd
>AuthGroupFile /www/.htgroup
>Require group internal
>Allow from 10.10.10.0/28
>Satisfy any
>
>If I remove the "Allow" and "Satisfy any" clause, Apache correctly
>authenticates a user. However I want to have our internal net
>(10.10.10.0/28) to get in w/o authentication.
>
>Unfortunately, adding the "Allow" and "Satisfy" clauses virtually renders
>the page unsecured, you can get in without auth from everywhere.
>
>Running Apache 1.3.23 on RHL 7.2. Any clues?
>
>Thanks, and sorry for OT
>
>
>--
> >O Ernest E. Vogelsinger
> (\)ICQ #13394035
>^ http://www.vogelsinger.at/
>
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
[snip]
--
>O Ernest E. Vogelsinger
(\)ICQ #13394035
^ http://www.vogelsinger.at/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
