Otdfbt

Who commanded or executed this action in Game of Thrones S8E5?

Is this a group? If so, what group is it?

Can only the master initiate communication in SPI whereas in I2C the slave can also initiate the communication?

Filter a data-frame and add a new column according to the given condition

is it correct to say "When it started to rain, I was in the open air."

Is Valonqar prophecy unfulfilled?

Motorola 6845 and bitwise graphics

Do we have C++20 ranges library in GCC 9?

Re-testing of regression test bug fixes or re-run regression tests?

Formal Definition of Dot Product

How does this Martian habitat 3D printer built for NASA work?

complicated arrows in flowcharts

How can we allow remote players to effectively interact with a physical tabletop battle-map?

Should generated documentation be stored in a Git repository?

Offered a new position but unknown about salary?

Will casting a card from the graveyard with Flashback add a quest counter on Pyromancer Ascension?

How to make a not so good looking person more appealing?

Given 0s on Assignments with suspected and dismissed cheating?

Should I communicate in my applications that I'm unemployed out of choice rather than because nobody will have me?

Help understanding this line - usage of くれる

Are there any sonatas with only two sections?

Find the unknown area, x

Why weren't the bells paid heed to in S8E5?

How to disable Two-factor authentication for Apple ID?

htaccess directory protection in Apache 2.4

Apache 2.4 - How to add directory protection?Apache 2.4: Public Subdirectory with .htaccessApache 2.4 <locationmatch> occuring before .htaccessApache 2.4 Convert .htaccess rewrites to vhost.confBasic auth Apache with TomcatApache 2.4 .htaccessDeny access to apache virtual host to the outside worldnginx proxy_pass, corrupting pdf file when passed back?Subversion + Apache 2.4 + Active DirectoryApache 2.4 with php-fpm ignores .htaccessRegex RewriteRule in Apache 2.4 .htaccess

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

2

I'm trying to work out how to protect a folder in Apache 2.4.

I have this part working fine:

AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName Protected

require valid-user

...but I also want to add the option of allowing me in without having to login. This is what I had on my old server:

Order Deny,Allow
Deny from all
Allow from 123.123.123.123
Satisfy Any

but the new one gives an error:

client denied by server configuration: /home/test/web/site.com/cgi-bin/hotels/admin/admin.cgi

Looking at https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration , I would have assumed this would work:

Require all denied
Allow from 123.123.123.123
Satisfy Any

...but it doesn't seem to (doesn't even ask for a login now, even when I change the accepted IP to a random one)

What am I missing?

apache-2.4

share|improve this question

asked Apr 20 '17 at 15:34

Andrew NewbyAndrew Newby

345724

add a comment | 

2

I'm trying to work out how to protect a folder in Apache 2.4.

I have this part working fine:

AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName Protected

require valid-user

...but I also want to add the option of allowing me in without having to login. This is what I had on my old server:

Order Deny,Allow
Deny from all
Allow from 123.123.123.123
Satisfy Any

but the new one gives an error:

client denied by server configuration: /home/test/web/site.com/cgi-bin/hotels/admin/admin.cgi

Looking at https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration , I would have assumed this would work:

Require all denied
Allow from 123.123.123.123
Satisfy Any

...but it doesn't seem to (doesn't even ask for a login now, even when I change the accepted IP to a random one)

What am I missing?

apache-2.4

share|improve this question

asked Apr 20 '17 at 15:34

Andrew NewbyAndrew Newby

345724

add a comment | 

I'm trying to work out how to protect a folder in Apache 2.4.

I have this part working fine:

AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName Protected

require valid-user

...but I also want to add the option of allowing me in without having to login. This is what I had on my old server:

Order Deny,Allow
Deny from all
Allow from 123.123.123.123
Satisfy Any

but the new one gives an error:

client denied by server configuration: /home/test/web/site.com/cgi-bin/hotels/admin/admin.cgi

Looking at https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration , I would have assumed this would work:

Require all denied
Allow from 123.123.123.123
Satisfy Any

...but it doesn't seem to (doesn't even ask for a login now, even when I change the accepted IP to a random one)

What am I missing?

apache-2.4

share|improve this question

asked Apr 20 '17 at 15:34

Andrew NewbyAndrew Newby

345724

AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName Protected

require valid-user

Order Deny,Allow
Deny from all
Allow from 123.123.123.123
Satisfy Any

client denied by server configuration: /home/test/web/site.com/cgi-bin/hotels/admin/admin.cgi

Require all denied
Allow from 123.123.123.123
Satisfy Any

share|improve this question

asked Apr 20 '17 at 15:34

Andrew NewbyAndrew Newby

345724

share|improve this question

asked Apr 20 '17 at 15:34

Andrew NewbyAndrew Newby

345724

asked Apr 20 '17 at 15:34

Andrew NewbyAndrew Newby

345724

asked Apr 20 '17 at 15:34

Andrew NewbyAndrew Newby

345724

1 Answer
1

active

oldest

votes

4

Do not mix 2.2 and 2.4 directives like that. Satisfy/Order/Allow/Deny are all 2.2.x

Use 2.4 only and unload mod_access_compat:

AuthType Basic
AuthName "Authorized Users Only"
AuthBasicProvider file
AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
<RequireAny>
Require valid-user
Require ip 123.123.123.123
</RequireAny>

Note: htaccess has nothing to do with directory protection, if you have access to the main configuration files of the apache httpd server, define these all inside a <Directory /filesystem/path/to/protected/dir> tag

Note2: Forgot to mention, RequireAny has been specified for example purposes, but that is the default behaviour in 2.4.x so you do not really need to specify it if you don't want.

share|improve this answer

edited Apr 20 '17 at 19:12

answered Apr 20 '17 at 15:57

ezra-sezra-s

1,5961310

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Thanks - that looks like it did the job. Unfortunately I can't put it in the main .conf file, as it would get overwritten by the VestaCP system when you make changes to the domain
  
  – Andrew Newby
  Apr 20 '17 at 15:58
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f845551%2fhtaccess-directory-protection-in-apache-2-4%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

4

Do not mix 2.2 and 2.4 directives like that. Satisfy/Order/Allow/Deny are all 2.2.x

Use 2.4 only and unload mod_access_compat:

AuthType Basic
AuthName "Authorized Users Only"
AuthBasicProvider file
AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
<RequireAny>
Require valid-user
Require ip 123.123.123.123
</RequireAny>

Note: htaccess has nothing to do with directory protection, if you have access to the main configuration files of the apache httpd server, define these all inside a <Directory /filesystem/path/to/protected/dir> tag

Note2: Forgot to mention, RequireAny has been specified for example purposes, but that is the default behaviour in 2.4.x so you do not really need to specify it if you don't want.

share|improve this answer

edited Apr 20 '17 at 19:12

answered Apr 20 '17 at 15:57

ezra-sezra-s

1,5961310

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Thanks - that looks like it did the job. Unfortunately I can't put it in the main .conf file, as it would get overwritten by the VestaCP system when you make changes to the domain
  
  – Andrew Newby
  Apr 20 '17 at 15:58
  

  
  
  
  

add a comment | 

4

Do not mix 2.2 and 2.4 directives like that. Satisfy/Order/Allow/Deny are all 2.2.x

Use 2.4 only and unload mod_access_compat:

AuthType Basic
AuthName "Authorized Users Only"
AuthBasicProvider file
AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
<RequireAny>
Require valid-user
Require ip 123.123.123.123
</RequireAny>

Note: htaccess has nothing to do with directory protection, if you have access to the main configuration files of the apache httpd server, define these all inside a <Directory /filesystem/path/to/protected/dir> tag

Note2: Forgot to mention, RequireAny has been specified for example purposes, but that is the default behaviour in 2.4.x so you do not really need to specify it if you don't want.

share|improve this answer

edited Apr 20 '17 at 19:12

answered Apr 20 '17 at 15:57

ezra-sezra-s

1,5961310

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Thanks - that looks like it did the job. Unfortunately I can't put it in the main .conf file, as it would get overwritten by the VestaCP system when you make changes to the domain
  
  – Andrew Newby
  Apr 20 '17 at 15:58
  

  
  
  
  

add a comment | 

Do not mix 2.2 and 2.4 directives like that. Satisfy/Order/Allow/Deny are all 2.2.x

Use 2.4 only and unload mod_access_compat:

AuthType Basic
AuthName "Authorized Users Only"
AuthBasicProvider file
AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
<RequireAny>
Require valid-user
Require ip 123.123.123.123
</RequireAny>

Note: htaccess has nothing to do with directory protection, if you have access to the main configuration files of the apache httpd server, define these all inside a <Directory /filesystem/path/to/protected/dir> tag

Note2: Forgot to mention, RequireAny has been specified for example purposes, but that is the default behaviour in 2.4.x so you do not really need to specify it if you don't want.

share|improve this answer

edited Apr 20 '17 at 19:12

answered Apr 20 '17 at 15:57

ezra-sezra-s

1,5961310

AuthType Basic
AuthName "Authorized Users Only"
AuthBasicProvider file
AuthUserFile /home/test/web/site.com/cgi-bin/hotels/admin/.htpasswd
<RequireAny>
Require valid-user
Require ip 123.123.123.123
</RequireAny>

share|improve this answer

edited Apr 20 '17 at 19:12

answered Apr 20 '17 at 15:57

ezra-sezra-s

1,5961310

answered Apr 20 '17 at 15:57

ezra-sezra-s

1,5961310

answered Apr 20 '17 at 15:57

ezra-sezra-s

1,5961310