Apache | Access Permissions | Combining IP Address Restrictions and User Authentication
A single directory can combine IP address or domain restrictions, set with Require, with user authentication by user name and password.
<Directory "${SRVROOT}/htdocs/admin">
  Require all granted
  Require ip 192.168.1.0/24
  AuthType Basic
  AuthName "사용자명과 비밀번호를 입력하세요."
  AuthUserFile "C:/apache/passwd/passfile"
  Require valid-user
</Directory>
When access restrictions are configured in both ways like this, access is allowed only when both conditions are satisfied by default. In other words, the request must come from the specified IP address and also pass user authentication.
Apache can also be configured to allow access when either condition matches. For example, access can be allowed unconditionally if the IP address matches the condition, and user authentication can be required only when the IP address is not one of the specified addresses. This is useful when users inside a company can view content freely, but users from outside must authenticate.
To configure this, use <RequireAny>.
<RequireAny>
....
</RequireAny>
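A complete configuration for the case described above, where internal addresses are admitted freely and every other client must authenticate. This is an added example, not part of the original page. It assumes Apache 2.4, reuses the directory, subnet and password file from the first listing, keeps the Auth* directives outside the container, and leaves out `Require all granted`.

```apache
# Added example. Assumes Apache 2.4 with mod_authz_core, mod_authz_host,
# mod_authz_user, mod_auth_basic and mod_authn_file loaded.
<Directory "${SRVROOT}/htdocs/admin">
    # Authentication setup lives at the directory level. It is only used
    # when the valid-user rule below has to be evaluated.
    AuthType Basic
    AuthName "사용자명과 비밀번호를 입력하세요."
    AuthUserFile "C:/apache/passwd/passfile"

    # The combination is stated explicitly instead of relying on how
    # bare Require lines are merged.
    <RequireAny>
        # Internal clients: a source address in this range is sufficient,
        # so no login prompt is shown to them.
        Require ip 192.168.1.0/24

        # All other clients: must log in as a user listed in AuthUserFile.
        # Without credentials they receive 401 and a Basic auth challenge.
        Require valid-user

        # "Require all granted" is deliberately absent: inside <RequireAny>
        # that one line would satisfy the block for every client and the
        # two rules above would never restrict anything.
    </RequireAny>
</Directory>
```

If the server sits behind a reverse proxy or load balancer, `Require ip` is matched against the proxy's address unless mod_remoteip is configured, so a proxy inside 192.168.1.0/24 would make every request count as internal.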
If <RequireAll> is used, access is allowed only when both conditions are satisfied, which is the same behavior as when nothing special is specified.
<RequireAll>
...
</RequireAll>
Write it as follows.
<Directory "${SRVROOT}/htdocs/admin">
  <RequireAll>
    Require all granted
    Require ip 192.168.1.0/24
    AuthType Basic
    AuthName "사용자명과 비밀번호를 입력하세요."
    AuthUserFile "C:/apache/passwd/passfile"
    Require valid-user
  </RequireAll>
</Directory>