Help with Apache: free access from lan users and password access to wan users... how?

maginotjr · 06-26-2009, 08:00 AM

Hi...

Im trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....

Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...

A piece of my config:

Code:

<VirtualHost *:80>
        ServerName intranet.somehostname.com
        ServerAlias intranet2.somehostname.com

        DocumentRoot /var/www/intranet
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/intranet>
                Options Indexes FollowSymLinks MultiViews
                Order deny,allow
                deny from all
                allow from 127.0.0.0/255.0.0.0 192.168.1.0/255.255.255.0 192.168.0.0/255.255.255.0 ::1/128 200.x.x.x 200.x.x.x 200.x.x.x 200.x.x.x
                AllowOverride AuthConfig
                AuthName "Restrict Access"
                AuthType Basic
                Satisfy any
                AuthUserFile /etc/apache2/auth/httppw.db
                require valid-user
        </Directory>

best regards []s

zhjim · 06-26-2009, 08:27 AM

I did not found anything to get this in one config, but why not just split it up.

Make two virutalhosts. One with a ServerName directive of "intranet.yourside.com". Which allows access from internal
Allow from 192.168.1.0
The other virtualhost would have a ServerName directive with "external.yourside.com" and would need an authentication

The name of the directory just happens to be the same...

maginotjr · 06-26-2009, 11:31 AM

well, I have many reason to want this... my network users are made of all kind of person, most aren't so skilled others just don't ask, or doesn't understand why the address "intranet.myhost.com" doesn't load at their home... and endeed most sites used by us permit external access to their intranet with the use of a password and want to bring this functionality to our intranet.

believe in the kind of confusion to the users to understand the difference between intranet e internet and things like that ... =)

[ ]'s

zhjim · 06-29-2009, 02:42 AM

Quote:

Originally Posted by maginotjr

believe in the kind of confusion to the users to understand the difference between intranet e internet and things like that ... =)

AMEN ;=) I can realy see to that.

Okay next one. Maybe a rewrite rule could help out.
You still would need to go with the split up configuration. Just have the address the 192.168.0.0/24 people be rewriten to intranet.yousite.tld.

Another option might be to use the proxy module. Or use some enviromental variable with SetEnv if REMOTE_ADDRS=192.168.*.*

I just think you can't get this configuration in one go. But who knows. I see if the apache pages might give some more hints.

Enderek · 01-01-2011, 11:08 AM

This thread was first Google result for my query searching this, so I hope saying the solution won't hurt.

Use "Satisfy Any" - that means that only one condition needs to be met, either "Allow from (IP)" or "Require ...user/group...".