Password protect external access to WebApp - Securing Apache
I had this weird problem, where i had to secure a web server, to which access form the local network is granted by default, but if anyone who is not in the local network tires to access a web page, we had to validate him for username and password.
After some googling, i found this configuration that allowed me to secure the apache directory, this is the configuration
<Directory /var/www/html/123/> AuthType Digest AuthName "Intranet" AuthDigestDomain / BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On AuthDigestProvider file AuthUserFile /physical/path/to/.digest_pw Require valid-user Order Allow,Deny Allow from 192.168.0.0/255.255.255.0 Satisfy any </Directory>
There are typically two kinds of authorizations here,
1) Allow from Directive
2) AuthUserFile Directive
The Allow from directive allows traffic from the specified ip range, and the AuthUserFile validates allows the validation of user credentials, if he/she has given them. The Satisfy any directive allows apache to validate any one of teh above conditions to grant access to the specified resources.
