Join Log in
Score:1
avatar Server

Apache - Require authentication for all but one IP

eg flag
Brad

We have a website that users need a valid jwt token to access however we need a certain IP access WITHOUT the token. Here's what I am trying to use to no avail:

<Directory ${VIDEO_ROOT}>
    Header always set Access-Control-Allow-Headers "Authorization"
    AllowOverride All
    <LimitExcept OPTIONS>
    AuthType jwt
    AuthName "private area"
    Require jwt-claim user=genericuser  # username of some kind must exist
    Require valid-user
    </LimitExcept>
    SetEnvIF X-Forwarded-For "^1\.2\.3\.4" ip_ok
    Allow from env=ip_ok
    Satisfy any
</Directory>

Can any apache gurus help me understand the correct way of doing this? I do need to use X-Forwarded-For

187
1 + 2
diya avatar
la flag
diya
Using the `RequireAny` and/or `RequireAll` in [Authorization Containers](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#logic) allows you to apply logic and combine access controls in the manner you want.
0
Reply
eg flag
Brad
Thanks for the suggestion.
0
Reply
Score:0
avatar Server
eg flag
Brad

Thanks to @diya the following seems to do the trick:

<Directory ${VIDEO_ROOT}>
    Header always set Access-Control-Allow-Headers "Authorization"
    AllowOverride All
    SetEnvIF X-Forwarded-For ^1\.2\.3\.4 ip_ok
    <LimitExcept OPTIONS>
    AuthType jwt
    AuthName "private area"
    <RequireAny>
    Require jwt-claim user=genericuser  # username of some kind must exist
    Require valid-user
    Require env ip_ok
    </RequireAny>
    </LimitExcept>
</Directory>
+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.