LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 07-10-2019, 05:14 AM   #1
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,008

Rep: Reputation: 75
restrict access based on ip/user and password on Apache as proxy


Hi,
I'm trying to restrict access to certain IPs but also have Authentication set up on Apache as a proxy. This is my current configuration which I've been tinkering with:
Code:
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ProxyPreserveHost On
  ProxyRequests Off
  ServerName example.com
  ServerAdmin devops@example.com


<Location />
  AuthType Basic
  AuthName "Authentication Required"
  AuthUserFile "/etc/apache/.htpasswd"
  require valid-user
  AllowOverride AuthConfig
  Include "/etc/apache2/ip_access"
  ProxyPass http://localhost:5080/
  ProxyPassReverse http://localhost:5080/
</Location>

  SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
The weird thing here is that if I comment the "Include" line, which refers to a file containing several lines of "Require ip...", the Authentication Window pops up. But if I type in the correct credentials, then I get a 500 internal server error.
As it is, the whole Authentication configuration seems to be completely ignored.

Any ideas how I can go about solving this?

I'm running Apache 2.4.29 on Ubuntu 18.04.2 LTS

Last edited by vincix; 07-10-2019 at 05:21 AM.
 
Old 07-10-2019, 10:16 PM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,299

Rep: Reputation: 1111Reputation: 1111Reputation: 1111Reputation: 1111Reputation: 1111Reputation: 1111Reputation: 1111Reputation: 1111Reputation: 1111
If you get an authentication dialog box the auth is working.

What do the httpd error logs say about the 500 error? They usually provide specifics.
 
Old 07-11-2019, 07:37 AM   #3
Hostech_Support
Member
 
Registered: Oct 2017
Location: India
Posts: 41

Rep: Reputation: Disabled
Make sure .htpasswd is accessible and readable by the web server user in your configuration.
 
Old 07-11-2019, 03:03 PM   #4
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,008

Original Poster
Rep: Reputation: 75
The problem was that I wrote /etc/apache instead of /etc/apache2. There was absolutely no error whatsoever. Apache simply crashes (idiotic behaviour in my opinion, but never mind that)
Nonetheless, that still hadn't solved my problem, because, as I've already said, I wanted to have both ip-based access together with authentication. So in order to achieve that, you need to use both requireall and requireany, like the following:
Code:
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ProxyPreserveHost On
  ProxyRequests Off
  ServerName fakesmtp.example.com
  ServerAdmin devops@example.com

<Location />
  AuthType Basic
  AuthName "Authentication Required"
  AuthUserFile "/etc/apache2/.htpasswd"
  AllowOverride AuthConfig
  <RequireAll>
  Require valid-user
     <RequireAny>
        Include "/etc/apache2/ip_access"
     </RequireAny>
  </RequireAll>
  ProxyPass http://localhost:5080/
  ProxyPassReverse http://localhost:5080/
</Location>

  SSLCertificateFile /etc/letsencrypt/live/fakesmtp.example.com/cert.pem
  SSLCertificateChainFile /etc/letsencrypt/live/fakesmtp.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/fakesmtp.example.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I'm using RequireAll so that both conditions are abided by, and RequireAny so that any of the IPs listed in the ip_access (with Require ip... directives) file are enough to fullfil that condition.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict User access based on commands in linux. mohit_mahajan Linux - General 12 04-24-2018 02:11 PM
[SOLVED] Apache Restrict Access to Specific URL Based on IP Obscurious Linux - Newbie 2 11-01-2012 06:39 PM
Postfix authenticating user@domain and restrict user to access linux box LinuxGreen Linux - Newbie 1 12-16-2011 10:00 AM
[SOLVED] IPTABLES: Restrict Internet access based on time of day and MAC address ScottSmith Linux - Security 7 02-09-2010 02:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 05:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration