Saturday, November 11, 2006

Apache in WinXp

Few funnies when trying to set up .htaccess in Apache for Win32. I was trying to set it up so that all access was allowed for a certain IP address, and any other IP would have a login prompt.

First problem is the .htpasswd file, need to force MD5:
htpasswd.exe -m .htpasswd guest

Then I needed to specify security for the directory in .htaccess, set up password access as normal, specifying the AuthUserFile and require valid-user.

Then comes the clever bit "Satisfy Any" - this instructs Apache to look for *any* of the criteria, rather than the default all. So if the ip address is correct, the user is not challenged for a password.

AuthUserFile "/path/to/htdocs/.htpasswd"
AuthType Basic
AuthName "Madly Secret Stuff"
Satisfy Any
require valid-user

Order deny,allow
deny from all
allow from localhost
allow from

No comments: