I was told this is not possible with webauth4 Is this a design limitation ? Which is weird since it seems like a common use case to combine IP address into the LOA?
Or is this more a limitation of Apache directives? If not, can we have some examples? thanks On Apr 13, 2012, at 12:44 AM, Fletcher Cocquyt wrote: > Ping! > > Too new? > > was hoping for a best practice recommendation for what seems like one of the > MOST COMMON USE CASES for this great new webauth functionality. > > Do we use LOA for this or ?? > > thanks! > > > On Apr 10, 2012, at 1:51 PM, Fletcher Cocquyt wrote: > >> Hi, we just started testing 2 factor authentication >> >> http://webauth.stanford.edu/manual/mod/mod_webauth.html >> >> We want to enforce 2 factor authentication for off campus users (eg client >> IP not in 171.65.0.0/16) >> >> What would the recommended Apache config look like to do this? >> >> We'd also like to whitelist certain IPs for API access without any webauth >> or 2 factor. >> >> thanks, >> >> Fletcher Cocquyt >> Principal Engineer >> Information Resources and Technology (IRT) >> Stanford University School of Medicine >> <PastedGraphic-3.png> >> Email: [email protected] >> Phone: (650) 724-7485 >> >> >> >> >> >> >
