How to configure directory with no authentication only for specified ip addresses

Question

In / directory I'm using AuthType SPNEGO, but in one subdirectory I need to have no authentication, but to be accesible just from listed ip addresses. Here is current configuration of that directory:

<Directory /foo/bar>
  Order Deny,Allow
  Deny from all
  Allow from 1.2.3.4 1.2.3.5
</Directory>

By adding Satisfy Any (as described here) is directory accessible without authentication, but is accessible for all ip addresses, not just for that that are listed. How can I achieve that?

Configuration of /:

<Directory />
  AuthName "FOO"
  <IfDefine AUTH_SPNEGO>
    Krb5ServiceName HTTP
    AuthType SPNEGO
  </IfDefine>
  require valid-user
  allow from all
</Directory>

You don't want password authentication for /foo/bar from other IPs than the specific ones, right? — Céline Aussourd, Oct 27 '14 at 11:09
@CélineAussourd: I don't want password authentication for /foo/bar at all, and accessible only for listed IPs — tarmaq, Oct 27 '14 at 11:13

Céline Aussourd · Answer 1 · 2014-10-27T14:34:20.543

0

You can do like this:

<Directory /foo/bar>
  Order Deny,Allow
  Deny from all
  Allow from 1.2.3.4 1.2.3.5
</Directory>

<DirectoryMatch /(?!foo/bar)>
  AuthName "FOO"
  <IfDefine AUTH_SPNEGO>
    Krb5ServiceName HTTP
    AuthType SPNEGO
  </IfDefine>
  require valid-user
  allow from all
</DirectoryMatch>

/foo/bar is accessible only by the specific IP (1.2.3.4 and 1.2.3.5 in this example)

And we set the password authentication for / excluding /foo/bar

edited Oct 27 '14 at 14:34

answered Oct 27 '14 at 10:20

Céline Aussourd

10,214
4
32
36

The problem is that I want to disable spnego authentication in this directory, but your solution doesn't make that. – tarmaq Oct 27 '14 at 10:32
Ah weird, it works for me. What happened in your case? What is not working? – Céline Aussourd Nov 04 '14 at 11:03

How to configure directory with no authentication only for specified ip addresses

1 Answers1