On Tuesday, 1 December 2020 19:34:54 GMT the...@sys-concept.com wrote: > On 12/01/2020 07:18 AM, Michael wrote: > > On Monday, 30 November 2020 22:52:05 GMT the...@sys-concept.com wrote: > >> Access based on IP address works from .htaccess with Files directive: > >> > >> <Files *> > >> > >> Require ip 10.0.0.109 > >> > >> </Files> > >> > >> But it doesn't read AuthType Basic, it doesn't ask me for any password. > >> > >> AuthName "restricted stuff" > >> AuthType Basic > >> AuthUserFile "/etc/apache2/users" > >> require user webmaster > >> > >> It seems to me Apache 2.4 is very limited what can, and can not go into > >> .htaccess. > > > > OK, probably Authentication takes precedence from Authorization on apache > > 2.4. > > > > Since you prefer to use .htaccess rather than a central apache config, > > let's check if this works in your /admin/.htaccess: > > > > =========================== > > AuthName "restricted stuff" > > AuthType Basic > > AuthUserFile "/etc/apache2/users" > > <RequireAll> > > > > Require ip 10.0.0.100 > > Require user webmaster > > > > </RequireAll> > > ========================== > > > > It should allow you to connect and then request username and passwd from > > IP > > 10.0.0.100, but return '403 Forbidden' for clients connecting from any > > other IP address, without requesting authentication. > > WOW! it worked, it worked! > Thank you Michael! > IP works and AuthType Basic works too. > > Why? It seems to me Apache 2.4 is very picky where/and order directives > are. So much more to learn. For basic operation I prefer .htaccess > files, it is much simpler and easier to block spammers, no need to > restart the main server, just update .htaccess file. > > Thank you again!
You're welcome. I'm glad you got it going. There were a number of changes with apache 2.4. Have a look down this page for the specifics: https://httpd.apache.org/docs/trunk/upgrading.html
signature.asc
Description: This is a digitally signed message part.
