spacer

Webref WebRef   Sitemap · Experts · Tools · Services · Newsletters · About i.com

home / internet / security / apache / chap5 / 1 To page 1To page 2To page 3To page 4current pageTo page 6To page 7
[previous] [next]

Apache: The Definitive Guide, Chapter 5: Authentication

Web Developer with REGEX
Aquent
US-MA-Boston

Justtechjobs.com Post A Job | Post A Resume
Developer News
Cisco Lawsuit: A Test for the GPL?
Shifts for Enterprise Linux, Green Networks in '09
Gifts for All in Linux 2.6.28
require
require [user user1 user2 ...] [group group1 group2] [valid-user]	
[valid-user] [valid-group]
directory, .htaccess

The key directive that throws password checking into action is require.

The argument, valid-user, accepts any users that are found in the password file. Do not mistype this as valid_user, or you will get a hard-to-explain authorization failure when you try to access this site through a browser. This is because Apache does not care what you put after require and will interpret valid_user as a username. It would be nice if Apache returned an error message, but require is usable by multiple modules, and there's no way to determine (in the current API) what values are valid.

file-owner

[Available after Apache 1.3.20] The supplied username and password must be in the AuthUserFile database, and the username must also match the system's name for the owner of the file being requested. That is, if the operating system says the requested file is owned by jones, then the username used to access it through the Web must be jones as well.

file-group

[Available after Apache 1.3.20] The supplied username and password must be in the AuthUserFile database, the name of the group that owns the file must be in the AuthGroupFile database, and the username must be a member of that group. For example, if the operating system says the requested file is owned by group accounts, the group accounts must be in the AuthGroupFile database, and the username used in the request must be a member of that group.

We could say:

require user bill ben simon

to allow only those users, provided they also have valid entries in the password table, or we could say: 

require group cleaners

in which case only sonia and daphne can access the site, provided they also have valid passwords and we have set up AuthGroupFile appropriately.

The block that protects ... /cgi-bin could safely be left out in the open as a separate block, but since protection of the ... /salesmen directory only arises when sales.butterthlies.com is accessed, we might as well put the require directive there.

satisfy
satisfy [any|all]
Default: all
directory, .htaccess

satisfy sets access policy if both allow and require are used. The parameter can be either all or any. This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case, the default behavior (all) is to require the client to pass the address access restriction and enter a valid username and password. With the any option, the client will be granted access if he either passes the host restriction or enters a valid username and password. This can be used to let clients from particular addresses into a password-restricted area without prompting for a password.

For instance, we want a password from everyone except site 1.2.3.4:

<usual auth setup (realm, files etc>
require valid-user
Satisfy any
order deny,allow
allow from 1.2.3.4
deny from all

home / internet / security / apache / chap5 / 1 To page 1To page 2To page 3To page 4current pageTo page 6To page 7
[previous] [next]

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Avaya Article: Developing Speech Grammars that Rock, Part 2: Grammar Tuning
Microsoft Partner Portal: Hyper-V Vaults Microsoft into Virtualization Race
Small Business Solution Exchange: The Pros and Cons of Outsourcing Enterprise Emails
Avaya Article: JSR 289: SIP Servlet 1.1 Provides Significant Benefits for SIP Application Developers
   Microsoft Article: Build and Run Virtual Machines with Hyper-V Server 2008
Internet.com eBook: Real Life Rails
Internet.com eBook: Best Practices for Developing a Web Site
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

HP Webinar: Virtualization for Business Critical SAP on SQL Server
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
   Rackspace Hosting Center: Customer Videos
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

IdeaBlade Download: DevForce EF--Developing for LINQ and the Entity Framework
Microsoft Download: Silverlight 2 SDK
30-Day Trial: SPAMfighter Exchange Module
Iron Speed Designer Application Generator
   Microsoft Download: Silverlight 2 Developer Runtime (Windows)
IdeaBlade Download: .NET Programming with DevForce Classic
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Online Demo: IBM Cognos 8 Business Intelligence Reporting
   MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES
webref The latest from WebReference.com Browse >
Overview of Popular JavaScript Frameworks - ASP.NET AJAX · An Introduction to 3D · Email Marketing Terms to Know
Sitemap · Experts · Tools · Services · Email a Colleague · Contact FREE Newsletters 
 The latest from internet.com
Configuring Anonymous Dialog Security in SQL Server 2005 Express Service Broker Conversation · OpenVPN: Revoking Access and Expanding Management Options · Connecticut Town Lays Groundwork for Merged School, Municipal VoIP Network

Created: February 18, 2003
Revised: February 18, 2003

URL: http://webreference.com/internet/apache/chap5/1/5.html