I've opened a ticket for this INC000001875130
I share any solution with the list thanks On Apr 15, 2012, at 9:42 PM, Fletcher Cocquyt wrote: > I was told this is not possible with webauth4 > > Is this a design limitation ? Which is weird since it seems like a common use > case to combine IP address into the LOA? > > Or is this more a limitation of Apache directives? > > If not, can we have some examples? > > thanks > > On Apr 13, 2012, at 12:44 AM, Fletcher Cocquyt wrote: > >> Ping! >> >> Too new? >> >> was hoping for a best practice recommendation for what seems like one of >> the MOST COMMON USE CASES for this great new webauth functionality. >> >> Do we use LOA for this or ?? >> >> thanks! >> >> >> On Apr 10, 2012, at 1:51 PM, Fletcher Cocquyt wrote: >> >>> Hi, we just started testing 2 factor authentication >>> >>> http://webauth.stanford.edu/manual/mod/mod_webauth.html >>> >>> We want to enforce 2 factor authentication for off campus users (eg client >>> IP not in 171.65.0.0/16) >>> >>> What would the recommended Apache config look like to do this? >>> >>> We'd also like to whitelist certain IPs for API access without any webauth >>> or 2 factor. >>> >>> thanks, >>> >>> Fletcher Cocquyt >>> Principal Engineer >>> Information Resources and Technology (IRT) >>> Stanford University School of Medicine >>> <PastedGraphic-3.png> >>> Email: fcocq...@stanford.edu >>> Phone: (650) 724-7485 >>> >>> >>> >>> >>> >>> >> > >
