On Monday, 30 November 2020 22:52:05 GMT the...@sys-concept.com wrote: > Access based on IP address works from .htaccess with Files directive: > > <Files *> > Require ip 10.0.0.109 > </Files> > > But it doesn't read AuthType Basic, it doesn't ask me for any password. > > AuthName "restricted stuff" > AuthType Basic > AuthUserFile "/etc/apache2/users" > require user webmaster > > It seems to me Apache 2.4 is very limited what can, and can not go into > .htaccess.
OK, probably Authentication takes precedence from Authorization on apache 2.4. Since you prefer to use .htaccess rather than a central apache config, let's check if this works in your /admin/.htaccess: =========================== AuthName "restricted stuff" AuthType Basic AuthUserFile "/etc/apache2/users" <RequireAll> Require ip 10.0.0.100 Require user webmaster </RequireAll> ========================== It should allow you to connect and then request username and passwd from IP 10.0.0.100, but return '403 Forbidden' for clients connecting from any other IP address, without requesting authentication.
signature.asc
Description: This is a digitally signed message part.