Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by BravoOscar: http://wiki.apache.org/httpd/Recipes/BypassAuthenticationOrAuthorizationRequirements The comment on the change is: Spelling and typos; Added example of "all" ------------------------------------------------------------------------------ ## page was renamed from Recipies/BypassAuthenticationOrAuthorizationRequirements - = Bypass Authentication Or Authorization Requirements = + = Bypass Authentication Or Access Requirements = - With satisfy you can instruct your Apache Server to bypass either authentication or authorization requirements that are currently configured. [[BR]] Or to ensure that all criteria are met satisfactorily before allowing the connection any further. + The '''Satisfy''' directive controls how ''Authentication'' directives (used for password protection) and ''access'' directives (eg, Allow/Deny) interact with each other. You can instruct your Apache Server to allow requests if ''either'' authentication ''or'' access requirements are met. Or you can insist that ''all'' criteria are met before allowing the request. Satisfy comes with two options: + * '''Satisfy Any''' Allows the request if ''any'' requirement is met (authentication OR access). + * '''Satisfy All''' Allows the request only if ''both'' requirements are met (authentication AND access). - * '''Satisfy Any''' will allow Apache to bypass one of the requirements. - - [[BR]] [[BR]] For the rest of this recipie lets set an example scenario. + For the rest of this recipe, let's set an example scenario. {{{ <Directory /home/www/site1/private> AuthUserFile /home/www/site1-passwd @@ -18, +18 @@ Require valid-user </Directory> }}} - With this configuration, your users will be required to authenicate as normal. + With this configuration, your users will be required to authenticate as normal. - But lets say for example you want people from your LAN to have full access, without being prompted for a password. In this scenario we could use: + But let's say you want people from your LAN to have full access, without being prompted for a password. In this scenario we could use: {{{ <Directory /home/www/site1/private> @@ -29, +29 @@ AuthName MySite Require valid-user Allow from 172.17.10 - Satisfy Any + Satisfy any </Directory> }}} - This will basically force everyone from the outside to authenticate, but those coming from the LAN IP range would not be required to do so. [[BR]] Apache will let them access the directory, with authenticating. + This will force everyone from the outside to authenticate, but those coming from the LAN IP range would not be required to do so. Apache will let them access the directory without authenticating. - This will also work with a subdirectory in your protected directory. Let's say, you have a subdirectory in private called noprotect that you want to allow everyone access without being prompted for a credentials. You could do this: + This will also work with a subdirectory in your protected directory. Let's say, you have a subdirectory in ''private'' called ''noprotect'' that you want to allow everyone access to without being prompted for credentials. You could do this: {{{<Directory /home/www/site1/private/noprotect> Order allow,deny @@ -43, +43 @@ </Directory> }}} - For further information on the satisfy directive, see the Apache Doc for it [http://httpd.apache.org/docs/2.2/mod/core.html#satisfy here] + Finally, if you have a directory that is super-secret, you may want to restrict access to those on the LAN '''and''' demand a password: + {{{ + <Directory /home/www/site1/super-secret> + AuthUserFile /home/www/site1-passwd + AuthType Basic + AuthName MySite + Require valid-user + Order deny,allow + Allow from 172.17.10 + Satisfy all + </Directory> + }}} + + In this above example, the "Order deny,allow" line blocks access by default, the "Allow" directive allows the LAN and the "Satisfy all" directive requires both LAN and password. + + See the Apache Docs For further information on the [http://httpd.apache.org/docs/2.2/mod/core.html#satisfy Satisfy] directive. +
