From: Grant
To: Gentoo mailing list
Reply-to: gentoo-user@lists.gentoo.org
Date: Fri, 30 Nov 2012 00:37:19 -0800
In-Reply-To: <50B80631.1020302@orlitzky.com>
Subject: Re: [gentoo-user] Restrict certain web users by IP

> > Run two vhosts that deliver the same content from the same DocumentRoot
> >
> > One has jack and jill as users in htpasswd with no acls in place
> > The other has john and jacob as users in a different htpasswd with IP
> > acls in place
> >
> > Trying to specify access rules to a group of users and not to other
> > users all in the same context is a problem that will drive you nuts in a
> > day. Rather side-step it entirely by applying your rules globally to two
> > different things.
> >
>
> You can probably accomplish the same with path aliases and <Location>
> restrictions. Untested:
>
>   Alias /jackjill /var/www/your-stuff
>   Alias /johnjacob /var/www/your-stuff
>
>   <Location /jackjill>
>     AuthType Basic
>     AuthName "Restricted"
>     AuthUserFile /var/www/jackjill.passwd
>     Require valid-user
>     Allow from <jack-ip>
>     Allow from <jill-ip>
>     Deny from all
>   </Location>
>
>   <Location /johnjacob>
>     AuthType Basic
>     AuthName "Restricted"
>     AuthUserFile /var/www/johnjacob.passwd
>     Require valid-user
>   </Location>

I like this idea since it means I don't need to mess with another domain
name.  The only problem I'm running into is one of the applications on the
server doesn't work with www.example.com/jackjill/app, it only works with
www.example.com/app.  I set up a RewriteRule to rewrite /jackjill/app to
/app, and that makes the application work, but then <Location /jackjill>
doesn't work.  Is there any way around this?

- Grant
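
Added example, not part of the original thread and not code from any poster: a single-context alternative, assuming Apache 2.4 authorization directives (mod_authz_core, mod_authz_user, mod_authz_host), that attaches the rule to /app itself so it does not depend on a /jackjill prefix surviving the rewrite. The combined password file path and the 192.0.2.x addresses are placeholders; jack and jill are the IP-restricted pair, as in the quoted <Location /jackjill> block.

```apache
# Assumption: Apache 2.4. Apache 2.2 has no <RequireAll>/<RequireAny> or "Require ip".
# Assumption: all four users live in one htpasswd file (hypothetical path below).
<Location /app>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /var/www/all-users.passwd

    # Access is granted if ANY of the enclosed conditions holds.
    <RequireAny>
        # jack and jill: valid password AND a permitted source address.
        <RequireAll>
            Require user jack jill
            # Placeholder addresses (documentation range); substitute the real ones.
            Require ip 192.0.2.10 192.0.2.11
        </RequireAll>

        # john and jacob: valid password only, from any address.
        Require user john jacob
    </RequireAny>
</Location>
```

Because the rule sits on /app, a request made straight to www.example.com/app is checked too; rules placed only on alias prefixes do not cover that path.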