Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: apache 2.4 and mod_access_compat |
|
Author |
|
AndreL
Joined: 23 Sep 2009 Posts: 5
|
Posted: Thu 23 Aug '12 9:25 Post subject: apache 2.4 and mod_access_compat |
|
|
Hi,
I just migrated from apache 2.2 to 2.4.3 using the mod_access_compat module. No issue for that first step.
I have some troubles to convert the autorisation to the new format.
Old format:
<Directory "C:/Web/intranet">
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
AuthType Basic
AuthName "Intranet"
AuthUserFile ./conf/auth.psw
Require valid-user
Satisfy Any
</Directory>
My translated format:
<Directory "C:/Web/intranet">
AuthType Basic
AuthName "Intranet"
AuthUserFile ./conf/auth.psw
Require IP 192.168.1.0/24
Require valid-user
</Directory>
The latest is not working...
NB: could I use the new way of working for some sections keeping others on the former format with mod_access_compat
Thanks for your help,
André. |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Fri 24 Aug '12 15:58 Post subject: |
|
|
Yep, for me it is also mostly puzzling with the new require in 2.4.
In your config the requires are OR-ed.
You may want to try:
<Directory "C:/Web/intranet">
AuthType Basic
AuthName "Intranet"
AuthUserFile ./conf/auth.psw
<RequireAll>
Require IP 192.168.1.0/24
Require valid-user
</RequireAll>
</Directory>
When that is not working either, you can try:
<RequireAll>
Require all denied
Require IP 192.168.1.0/24
Require valid-user
</RequireAll> |
|
Back to top |
|
dreuzel
Joined: 30 Jan 2006 Posts: 16
|
Posted: Thu 04 Oct '12 9:59 Post subject: |
|
|
It makes no sence to have an apache and not being able to secure a website with password, ip, host security.
I've installed and tried 2.4.3 just to notice all security seems to fail, Whatever I try I do notget
aany protection or a full block the site. I can not get it under controll,
What I want is basic and simple : I use DBD odbc access controll. All queries exist since ages and always where correct.
<Directory /secure>
Authtype Digest
AuthDIgestProvider dbd
require valid-user
</directory>
tried
require dbd-user
encapsuled <RequireAll>
added Satisfy all
....
I can only access based on
required ip but I need a username and group securit in my application .....
Please help me ?
Is the code broken
for such a simple requirement it should be easy and straightforward no ?
If something that simple in requirement seems to fail unexplicably can I ever rely on Apache security again ??? |
|
Back to top |
|
|
|
|
|
|