Fresh Blurbs

Advanced Apache Security

Task: allow unrestricted access to a virtual host from a range of IPs, require MySQL-based authentication from any other IP.


Database Table:

use auth;

CREATE TABLE `user` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `fullname` varchar(127) NOT NULL default '',
  `email` varchar(127) NOT NULL default '',
  `country` varchar(64) NOT NULL default '',
  `userid` varchar(32) NOT NULL default '',
  `passwd` varchar(32) NOT NULL default '',
  `groupid` varchar(32) NOT NULL default 'user',
  `modified` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `email_2` (`email`),
  UNIQUE KEY `userid_2` (`userid`),
  KEY `groupid` (`groupid`),
  KEY `country` (`country`),
  KEY `groupid_2` (`groupid`(8),`userid`),
  KEY `userid` (`userid`,`groupid`(4))
);

.htaccess or httpd.conf snippet:

AuthMySQLUser www
AuthMySQLDB auth
AuthMySQLUserTable user
AuthMySQLNameField userid
AuthMySQLPasswordField passwd
AuthMySQLGroupField groupid
AuthMySQLCryptedPasswords On
AuthMySQLScrambledPasswords Off
AuthMySQLMD5Passwords On
AuthMySQLKeepAlive Off
AuthMySQLAuthoritative On
AuthMySQLNoPasswd Off

AuthName    "Corporate Authentication"
AuthType    basic
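# Authenticated users must belong to group "user"
require group user
# Grant access if EITHER the host check OR authentication succeeds
Satisfy any

# Host check: deny everyone, then allow the trusted address
order deny,allow
deny from all
allow from 127.0.0.1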

ErrorDocument 401 /error.htm
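
The access decision this configuration produces, modeled in Python as an added example (not code from the original post or from Apache). It assumes Apache 2.2 semantics for `order`, `allow`, `deny` and `Satisfy`, handles only IP/CIDR arguments, and uses an assumed `10.1.0.0/16` range because the snippet lists only 127.0.0.1; `host_allowed` and `decide` are names chosen here.

```python
import ipaddress

# 127.0.0.1 comes from the snippet above; 10.1.0.0/16 is an assumed office
# range, added because the page's config lists only a single address.
ALLOW = ["127.0.0.1", "10.1.0.0/16"]
DENY = ["all"]

def _matches(ip, specs):
    # Handles only the 'all' keyword and IP/CIDR arguments, not hostnames.
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def host_allowed(client_ip, allow=ALLOW, deny=DENY, order="deny,allow"):
    ip = ipaddress.ip_address(client_ip)
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return _matches(ip, allow) or not _matches(ip, deny)
    # allow,deny: default is deny; a matching Deny overrides Allow.
    return _matches(ip, allow) and not _matches(ip, deny)

def decide(client_ip, auth_ok, satisfy="any", **host_args):
    """Return the HTTP status for a request.

    auth_ok: True if valid credentials for a member of group 'user' were
    sent, False if credentials were missing or wrong.
    """
    host_ok = host_allowed(client_ip, **host_args)
    if satisfy == "any":
        # Either check is enough; a failed host check falls through to auth.
        return 200 if (host_ok or auth_ok) else 401
    # satisfy all: the host check must pass before auth is attempted.
    if not host_ok:
        return 403
    return 200 if auth_ok else 401

if __name__ == "__main__":
    # Constructed client addresses: loopback, assumed office range, outside.
    for ip in ("127.0.0.1", "10.1.20.7", "203.0.113.9", "::1"):
        for auth_ok in (False, True):
            print(ip, auth_ok, decide(ip, auth_ok),
                  decide(ip, auth_ok, satisfy="all"))
```

In this model the IPv6 loopback `::1` does not match the `127.0.0.1` entry, so such a client is asked for credentials.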