Posted 2002-06-13T14:27:00+01:00 in recipe apache
Every once in a while the access log file of the Apache webserver that I'm running on my home computer shows people doing CONNECT or OPTIONS HTTP commands, seeing what the webserver is capable of. Most of these OPTIONS requests are from Microsoft Office clients. The CONNECT requests are probably from browsers trying to find a proxy gateway, I think.
I want to limit access to the webserver in two ways: Access control to a particular network range of computers can be done with the Order, Allow and Deny directives. Access control with authorization is done with the Require, AuthType, AuthUserFile, AuthGroupFile, and AuthName directives.
The Satisfy directive lets me combine these two requirements.
Since there are many parts of the site that I want to restrict access to, I put a LocationMatch at the bottom of the httpd.conf file. The LocationMatch directive allows me to use a single directive with a regular expression to control access to a number of resources.
<LocationMatch ^/(server-info|server-status).*$>
# mod_access module:
Order Deny,Allow
Deny from All
Allow from 172.20, 127.0.0
# http_core module:
AuthUserFile passwd/users
AuthName "My Place"
AuthType Basic
Require valid-user
Satisfy Any
</LocationMatch>
IMPORTANT: You want to be careful not to open even more restricted parts of the site by using a careless Location pattern like <Location ~ /*>. Once a user has been granted access (e.g. any LAN user in my example), she has access to all Location directive defined parts of your site.