.htaccess

colm_c

I'm trying to setup a .htaccess file for a directory on one of our servers that will prompt the user for a login box if they're not from a certain IP Address.

I can do the login box no problem using .htpasswd but is it possible to use some kind of if statement for the user to be prompted?

Any info greatly appreciated.

Howitzer

did you get an answer on this?

I'm about to post:
Hi there,

I have put a .htaccess on a folder .
It now requires a username and password to gain access, which is great. Keeps the riff raff out!

contents of .htaccess:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /usr/www/users/host/folderlocation/.htpasswd
AuthGroupFile /dev/null
require valid-user

contents of .htpassword:
user:encryptedpassword

all created from: http://www.tools.dynamicdrive.com/password/
(found on http://www.javascriptkit.com/howto/htaccess3.shtml)

What I want to know is:
can I circumvent the need for a password for one specific ip
i.e people on my network dont have to enter a password to access this folder.
People in the outside world outside my office have to enter a name and password.

How would I do this?

Any advice appreciated

Mr E

Yep, I think this is possible using allow/deny. This helptext is copied from webshell helpfile on hosting365:

Sometimes you might want to restrict access to all or part of your site. Maybe you have one area devoted to administration or maybe the site is only intended for a certain group of people. Or maybe you're trying to block a specific group of people.

You can allow or deny access based on domain/IP. To deny anyone from a certain domain, use:

deny from .aol.com

You could also use an IP or range of IPs:

deny from 24.64.

This would deny anyone whose IP started with 24.64.

Often, you'll want to deny everyone and then allow certain people.

order deny,allow
deny from all
allow from 24.64.103.25
allow from .islandnet.com

The first line indicates in which order the directives should be processed. You'll most likely want to use domain names rather than IPs unless you're in a situation where the IPs are static.

You can also use a sectioning directive called Limit to specify which connection methods this applies to.

<Limit GET POST>
order deny,allow
deny from all
allow from 24.64.103.25
allow from .islandnet.com
</Limit>

Here, the limits only apply to pages and scripts called through GET and POST. Normally, a browser will issue a GET in the header. These are listed twice because they are case-sensitive and some browsers do it one way, some another. You could, if you liked, simply restrict POST so that all users could view pages but only certain ones could use forms.

smeggle

Just an addition to Howitzer's post - the javascript.com .htaccess tutorials start at this link http://www.javascriptkit.com/howto/htaccess.shtml

Check the list out at the bottom

I particularly found this one helped sort out a lot of heavy bandwidth issues

http://www.javascriptkit.com/howto/htaccess13.shtml - I installed it not long ago and dropped about a third of my bandwidth usage..

Found it to be a very good resource