Apache 1.3.9 query - unusual (?) IP address + password access controls

Apache 1.3.9 query - unusual (?) IP address + password access controls

Post by John Li » Sat, 18 Dec 1999 04:00:00

I suspect that either it's not possible or I'm missing something very
obvious, but using Apache 1.3.9 is it possible to set up access control so

 * access is automatically allowed from some client systems, and
 * access is allowed from some other systems if a valid username/password
   can be provided, but
 * access from anywhere else is simply rejected, so no risk of password
   guessing attacks (etc.) by people who are connecting from places that
   should always be refused


If it helps, the list of systems allowed passworded access would most likely
be a superset of those allowed straight in. The context is a test server to
which the world in general should have no access, staff in one or two
subdomains should have direct (non-passworded) access, and systems anywhere
else in the organisation (domain) should have access only if they can
provide valid username/password. The "access with password" list would most
likely be a simple wildcard for the whole domain.

The "standard recipe" as seen e.g. at


only deals with allowing access from specific systems *or* if that fails,
allowing access with a password from anywhere.

Any solutions (short of writing/modifying an authentication module :-)?

                                John Line

John Line - Cambridge University Computing Service, Computer Laboratory,
            New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.


1. How to do IP access control AND password control

    My friend has a cyber-stalking ex-girlfriend that he wants to block from
accessing his vhost on my Debian server but I have the problem that they
both (that is my friend and his creepy ex) work at the same company and show
up as the same proxy IP. I can block the IP no problem but he wants to know
if instead if everyone being block from this IP can I have it prompt for a
login and password for this IP only, and not for any other visitors.

    So far the documentation has shown how I can have everybody get a login
prompt except for a specific domain, but not the other way around which is
what I need.

Any thoughts ?


Andrew Cullen

2. Programming NIC`s EEPROM under Linux

3. Apache: access control via ip address

4. simple gateway setup

5. Apache access (IP address, then password)

6. Need XFree86 Xconfig for Toshiba T4700CT notebook

7. Apache: Username/Password AND IP-Address access checking

8. linuxconf and control panel won't work in X

9. APACHE httpd.conf Access [IP AND IP+login/password]

10. Wanted : extended telnetd with user and IP address based access control

11. independently controlling access with two IP addresses for same machine

12. Apache, NT password, access control

13. IP + Passwd based access control Apache 1.0.0