Advanced Apache Security
Task: allow unrestricted access to a virtual host from a range of IPs, require MySQL-based authentication from any other IP.
Solution:
Database Table:
use auth;

CREATE TABLE `user` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `fullname` varchar(127) NOT NULL default '',
  `email` varchar(127) NOT NULL default '',
  `country` varchar(64) NOT NULL default '',
  -- login name, read through AuthMySQLNameField
  `userid` varchar(32) NOT NULL default '',
  -- password hash, read through AuthMySQLPasswordField (32 chars = hex MD5)
  `passwd` varchar(32) NOT NULL default '',
  -- group name, read through AuthMySQLGroupField
  `groupid` varchar(32) NOT NULL default 'user',
  `modified` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email_2` (`email`),
  UNIQUE KEY `userid_2` (`userid`),
  KEY `groupid` (`groupid`),
  KEY `country` (`country`),
  KEY `groupid_2` (`groupid`(8),`userid`),
  KEY `userid` (`userid`,`groupid`(4))
);
.htaccess or httpd.conf snippet:
# MySQL-backed user lookup
AuthMySQLUser www
AuthMySQLDB auth
AuthMySQLUserTable user
AuthMySQLNameField userid
AuthMySQLPasswordField passwd
AuthMySQLGroupField groupid
AuthMySQLCryptedPasswords On
AuthMySQLScrambledPasswords Off
AuthMySQLMD5Passwords On
AuthMySQLKeepAlive Off
AuthMySQLAuthoritative On
AuthMySQLNoPasswd Off

# HTTP Basic authentication, limited to members of the group "user"
AuthName "Corporate Authentication"
AuthType basic
require group user

# Either the host check or a valid login is enough
Satisfy any
order deny,allow
deny from all
allow from 127.0.0.1 192.168.0.1 192.168.0.7 freshblurbs.com 4.4.4.2 example.com

ErrorDocument 401 /error.htm
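
The decision this snippet produces, as an added example that is not part of the original page: a simplified Python model of how Apache 2.2 combines "order deny,allow" and "deny from all" with "Satisfy any". The function names and the auth_group parameter are hypothetical; verified_hostname stands for the name Apache gets from its double reverse DNS lookup when an allow entry is a hostname.

```python
import ipaddress

# Allow-from entries copied from the snippet above.
ALLOW_FROM = ["127.0.0.1", "192.168.0.1", "192.168.0.7",
              "freshblurbs.com", "4.4.4.2", "example.com"]
REQUIRED_GROUP = "user"  # from "require group user"


def _is_ip(entry):
    """True when an allow entry is a literal IP address, not a hostname."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False


def host_allowed(client_ip, verified_hostname=None):
    """order deny,allow + deny from all: only an Allow match passes.

    verified_hostname is None when the reverse lookup failed or the
    forward lookup did not map back to client_ip.
    """
    ip = ipaddress.ip_address(client_ip)
    for entry in ALLOW_FROM:
        if _is_ip(entry):
            if ip == ipaddress.ip_address(entry):
                return True
        elif verified_hostname:
            name = verified_hostname.lower().rstrip(".")
            # Whole labels only: www.example.com yes, fooexample.com no.
            if name == entry or name.endswith("." + entry):
                return True
    return False


def access_granted(client_ip, verified_hostname=None, auth_group=None):
    """Satisfy any: the host check OR a valid login in the group.

    auth_group is the groupid of a user whose Basic credentials were
    accepted, or None when no valid credentials were sent.
    """
    if host_allowed(client_ip, verified_hostname):
        return "200 host allowed, no password prompt"
    if auth_group == REQUIRED_GROUP:
        return "200 authenticated"
    return "401 ErrorDocument /error.htm"
```

The hostname entries make the host check depend on DNS: any client whose address resolves to a name under freshblurbs.com or example.com skips the password prompt, so literal IPs are the tighter choice for the trusted range.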
