.htaccess tutorial

htaccess Elite


Satisfy Directive

Security in htaccess: htpasswd, 401 Authentication

Satisfy Directive

Postby mod_rewrite » 08 Nov 2006 22:36

Satisfy Directive
Description: Interaction between host-level access control and user authentication
Syntax: Satisfy Any|All
Default: Satisfy All
Context: directory, .htaccess
Override: AuthConfig
Status: Core
Module: core
Compatibility: Influenced by <Limit> and <LimitExcept> in version 2.0.51 and later

Access policy if both Allow and Require used. The parameter can be either All or Any. This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case the default behavior (All) is to require that the client passes the address access restriction and enters a valid username and password. With the Any option the client will be granted access if they either pass the host restriction or enter a valid username and password. This can be used to password restrict an area, but to let clients from particular addresses in without prompting for a password.

For example, if you wanted to let people on your network have unrestricted access to a portion of your website, but require that people outside of your network provide a password, you could use a configuration similar to the following:

Code: Select all
Require valid-user
Allow from 192.168.1
Satisfy Any


Since version 2.0.51 Satisfy directives can be restricted to particular methods by <Limit> and <LimitExcept> sections.
mod_rewrite
 
Posts: 102
Joined: 30 Oct 2006 19:55

Re: Satisfy Directive

Postby Zeratul » 13 Apr 2008 16:08

Hi, I need help with this problem. I want to have this kind of authorization on my server and i got a hunch it will be through satisfy directive but couldnt figure it out yet myself. Si I woul like to have basic user auth which i already have but i would like to restrcit users to be able to connect only from their specific ip adresses, so they would not giv epasswords away and let friends connect. Is it possible to assign each user specific IP(s), from which tey can connect to my server with valid username/pass?

Thanks
Zeratul
 
Posts: 1
Joined: 13 Apr 2008 16:05

Re: Satisfy Directive

Postby produke » 10 May 2008 00:48

No, you can allow from ips, or username. But maybe I'm not understanding you.

You could for instance, require a specific IP and a specific username to access a specific resource.
User avatar
produke
 
Posts: 242
Joined: 25 Sep 2006 04:48


Return to Security and Authentication