: ngiw2...@hotmail.com
To: users@httpd.apache.org
Subject: RE: [users@httpd] After authentication, How to authorize users
according to IP (or host)?
Date: Fri, 25 Jul 2014 15:26:24 +
192.168.1.2 can always access, regardless of LDAP?
Yes
192.168.1.7 can never access, regardless of LDAP?
Yes
sorry I send it a wrong message this should be on squid mailing-
list
On Tue, Jul 22, 2014 at 4:46 PM, Mark jensen ngiw2...@hotmail.com wrote:
this won't help if the USER is outside the Network and have to use LDAP, it
is surely doesn't have the IP 192.168.1.2
Break it down who you want to access the location, ie it is unclear
which of these statements is what
192.168.1.2 can always access, regardless of LDAP?
Yes
192.168.1.7 can never access, regardless of LDAP?
Yes, but what I really want is to do the forbidden of access using
authorization(Require tag)
not authentication (allow tag)
something like that:
allow from 192.168.1
Require 192.168.1.2
so
According to this page:
http://httpd.apache.org/docs/current/mod/mod_authz_host.html , we can authorize
the users after Authentication, Is this true?
My problem is I'm trying to authenticate all my users (using LDAP) except some
IPs, it have worked will:
Directory /var/www/html/ldap
sorry there is an error in the last message(in config):
Directory /var/www/html/ldap
Order allow,deny
Allow from 192.168.1.2 192.168.1.7
Satisfy any
AuthName LDAP Authentication
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPauthoritative off
On Tue, Jul 22, 2014 at 10:38 AM, Mark jensen ngiw2...@hotmail.com wrote:
apache let 192.168.1.2 192.168.1.7 to enter the directory, so where is
the authorization? How can I make this directory available only for
192.168.1.2 and not to 192.168.1.7?
requireall
Require valid-user
Require ip
this won't help if the USER is outside the Network and have to use LDAP, it is
surely doesn't have the IP 192.168.1.2