From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E35FE1381F3 for ; Thu, 29 Nov 2012 23:38:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E7E2421C019; Thu, 29 Nov 2012 23:38:04 +0000 (UTC) Received: from mail-ea0-f181.google.com (mail-ea0-f181.google.com [209.85.215.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6546FE02C4 for ; Thu, 29 Nov 2012 23:36:53 +0000 (UTC) Received: by mail-ea0-f181.google.com with SMTP id k14so4586196eaa.40 for ; Thu, 29 Nov 2012 15:36:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=pVE0dXew1W982monZpUsQ8b1mocAqY0y1rORC4yghGg=; b=BUAwZNAiqjGElLlTdpgizCz43gXkuz6uz8dbMuqa1SOsv5bD/Depkh9Pv5cph2d7k1 yxp7BQTvrO4myBGOi/iABE8PxzJrcj3Q/a5z+6+ANnuHOc9DZ3TYl1Mrk4l4FYbrLjiH Pf9sXIYF/e6fpidUM7hkp4z/xguZOA64GMS4hLQThOUZv8NxIWYpyGbzX6PT01H4VTP3 plsTMDAgwgO77hQcatWRPgFg9rBAmIokR3hU/54QUjDOHOr06kFhmnPGznrvwNk8T3gK Dq2ebNl3CfjQ1LvAmeBZP9/+u3Ifqvs0F001ybFRL4rXJ07fMQy+NZIs5gY1BO39KGwF 7raw== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.14.174.194 with SMTP id x42mr87855795eel.22.1354232212014; Thu, 29 Nov 2012 15:36:52 -0800 (PST) Received: by 10.223.96.140 with HTTP; Thu, 29 Nov 2012 15:36:51 -0800 (PST) In-Reply-To: <20121129224338.7a18e0d5@khamul.example.com> References: <20121129013519.GA14272@syscon7.inet> <20121129175559.GB14272@syscon7.inet> <20121129224338.7a18e0d5@khamul.example.com> Date: Thu, 29 Nov 2012 15:36:51 -0800 Message-ID: Subject: Re: [gentoo-user] Restrict certain web users by IP From: Grant To: Gentoo mailing list Content-Type: multipart/alternative; boundary=047d7b621edef0c6e204cfaac1c9 X-Archives-Salt: 3cdf1771-b323-460e-9c99-49884dd91e55 X-Archives-Hash: 9a6bb29cf67ab28966e5e206d1cc2ddb --047d7b621edef0c6e204cfaac1c9 Content-Type: text/plain; charset=ISO-8859-1 > > I want users jack and jill to be able to access the web content from > > any IP address, and I want users john and jacob to be able to access > > the web content only if they are coming from a certain IP address. I > > don't want anyone else to have access. > > > > - Grant > > Run two vhosts that deliver the same content from the same DocumentRoot > > One has jack and jill as users in htpasswd with no acls in place > The other has john and jacob as users in a different htpasswd with IP > acls in place > > Trying to specify access rules to a group of users and not to other > users all in the same context is a problem that will drive you nuts in a > day. Rather side-step it entirely by applying your rules globaly to two > different things. So I'm sure I understand, if I want to keep the IP address which accesses the web content the same, this means setting up a vhost for a port other than 80 and 443 which the other vhosts are already set up on? - Grant --047d7b621edef0c6e204cfaac1c9 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable > > I want users jack and jill to be able to access the web content f= rom
> > any IP address, and I want users john and jacob to be able= to access
> > the web content only if they are coming from a cert= ain IP address. =A0I
> > don't want anyone else to have access.
> >
> &= gt; - Grant
>
> Run two vhosts that deliver the same content fr= om the same DocumentRoot
>
> One has jack and jill as users in = htpasswd with no acls in place
> The other has john and jacob as users in a different htpasswd with IP<= br>> acls in place
>
> Trying to specify access rules to a g= roup of users and not to other
> users all in the same context is a p= roblem that will drive you nuts in a
> day. Rather side-step it entirely by applying your rules globaly to tw= o
> different things.

So I'm sure I understand, if I = want to keep the IP address which accesses the web content the same, this m= eans setting up a vhost for a port other than 80 and 443 which the other vh= osts are already set up on?

- Grant
--047d7b621edef0c6e204cfaac1c9--