Is it possible to have an .htaccess/.htpasswd access control setup for a given directory, but if they are from a specific IP address, bypass the login/password authentication?
I know you can do something like this in the .htaccess file:
order deny,allow
deny from all
allow from 000.000.000.000
But if you add something along these lines:
AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/.htpasswd
require valid-user
Then it prompts for the password. Is there any way to do an if/else type setup, or some other solution so that users as a given IP (or set of IPs) don't get prompted for a password, but everyone else does?
If you use apache >=2.4, it would be something like this:
For more info take a look at the docs.
For versions 2.2.X you can use the following...
Obviously replace the path to your usersfile and the ip address which you would like to bypass the authentication.
Further explanation of the specifics, can be found at: http://httpd.apache.org/docs/2.2/howto/auth.html
I am running Apache/2.2.16 (Debian), and had a similar problem, I solved it like this:
(This can be run in both an .htaccess file or directly in the virtualhost under
<Location/>
)I allowed entry without password from two different ip, and the rest must enter password to enter.
If you use apache >=2.4, and you want to allow a set of IP, as asked in initial question, you can do it like this :
In addition to the answer of j5Dev:
Apache 2.4 compatible:
See the migration guide Upgrading to 2.4 from 2.2 for more examples.