CODEWITHSUNDEEP
apache
user2055277
user2055277

Reputation: 11

Apache 2.4 Require statements not parsing as expected

I'm trying to migrate from Apache 2.2 over to 2.4. One problem I'm having is getting one of my .htaccess files working as it does in 2.2. Essentially what I'm trying to do is allow all of my servers to get to the website without a password, and then require a simple password when someone not from my network, or on one of our desktops trys to get to it. The statements below are from 2.2 and work as intended. The deny statement is a subset of IP's inside the allowed from group. 

AuthType Basic
AuthName "Dev password"
AuthUserFile /path/.htpass
Require user devuser



order allow,deny



allow from xxx.xxx.xx.x/24 xxx.xxx.xx.x/16 xxx.xxx.xxx.x/24
deny from xxx.xxx.xxx.xxx/25



Satisfy any

This however is how I thought I would do the same thing in 2.4 but I cannot get it to work:

RequireAny
        RequireAll
             RequireAny
                  Require ip 10.0
                  Require ip 192.168.0
             /RequireAny 
             RequireNone

                  Require ip 10.0.10
                  Require ip 192.168.0.128/25
             /RequireNone
         /RequireAll


     AuthType Basic
     AuthName "Dev password"
     AuthUserFile /path/.htpass                
     Require user dev

/RequireAny

Can someone tell me what I'm doing wrong? It's not requesting authenticate from my desktops.

Sorry it's not showing my tags for requireall and requireany. so I don't have them tagged.

Upvotes: 1

Views: 1128

Answers (1)

Mikhail T.
Mikhail T.

Reputation: 4017

You seem to be doing it right. Crank-up the LogLevel for authz:

LogLevel authz_core:trace3

and see, what gets logged for each hit. It may be something as silly as a typo in the IP-range specification, for example.

Upvotes: 0

Related Questions