| home / internet / security / apache / chap5 / 1 |    [previous] [next] |
|
|
|
| require |
require [user user1 user2 ...] [group group1 group2] [valid-user] [valid-user] [valid-group] directory, .htaccess |
The key directive that throws password checking into action is
require.
The
argument, valid-user, accepts any users that are
found in the password file. Do not mistype this as
valid_user, or you will get a hard-to-explain
authorization failure when you try to access this site through a
browser. This is because Apache does not care what you put after
require and will interpret
valid_user as a username. It would be nice if
Apache returned an error message, but require is
usable by multiple modules, and there's no way to
determine (in the current API) what values are valid.
[Available after Apache 1.3.20] The supplied username and password
must be in the AuthUserFile database, and the
username must also match the system's name for the
owner of the file being requested. That is, if the operating system
says the requested file is owned by jones, then
the username used to access it through the Web must be
jones as well.
[Available after Apache 1.3.20] The supplied username and password
must be in the AuthUserFile database, the name of
the group that owns the file must be in the
AuthGroupFile database, and the username must be a
member of that group. For example, if the operating system says the
requested file is owned by group accounts, the
group accounts must be in the
AuthGroupFile database, and the username used in
the request must be a member of that group.
We could say:
require user bill ben simonto allow only those users, provided they also have valid entries in the password table, or we could say:
require group cleanersin which case only sonia and
daphne can access the site, provided they also
have valid passwords and we have set up
AuthGroupFile appropriately.
The block that protects ... /cgi-bin could
safely be left out in the open as a separate block, but since
protection of the ... /salesmen directory only
arises when sales.butterthlies.com is accessed,
we might as well put the require directive there.
| satisfy |
satisfy [any|all] Default: all directory, .htaccess |
satisfy sets access policy if both
allow and require are used. The
parameter can be either all or
any. This directive is only useful if access to a
particular area is being restricted by both username/password and
client host address. In this case, the default behavior
(all) is to require the client to pass the address
access restriction and enter a valid username and password. With the
any option, the client will be granted access if
he either passes the host restriction or enters a valid username and
password. This can be used to let clients from particular addresses
into a password-restricted area without prompting for a password.
For instance, we want a password from everyone except site 1.2.3.4:
<usual auth setup (realm, files etc>
require valid-user
Satisfy any
order deny,allow
allow from 1.2.3.4
deny from all
| home / internet / security / apache / chap5 / 1 | [previous] [next] |
Created: February 18, 2003
Revised: February 18, 2003
URL: http://webreference.com/internet/apache/chap5/1/5.html
