I run a apache webserver at home which is accessible on the local LAN as well as on the internet, In order to make an internal server visible on the Internet, I use port-forwarding on my cable router: incoming http requests are forwarded to my web server.
The issue is that I want to shield some private pages from public access. Outside the local LAN, I want these pages to be password protected. At the same time, I want these pages to have no restrictions when I access them from another computer on the LAN at home.
This is how I did that:
In apache’s configuration file (/etc/httpd/httpd.conf) you can limit page access by based on the validity of one of multiple options. In my case:
- you are allowed direct access based on a hostmask/IP address, or if that condition is not satisfied,
- you have to enter a valid username/password.
You achieve this by adding something like this inside a <Directory></Directory> or <Location></Location> block where you define the behaviour of a web page:
require valid-user
Allow from .myhome.lan
Satisfy any
What I assumed here was that your home computers all have hostnames which end on “.myhome.lan“. If the apache webserver receives a page request from one of your computers, you will automatically get access to your protected URL. If your computer hostname does not end on “.myhome.lan” (for instance when you access the webserver from a computer on the internet), the second pre-condition will be checked by the apache webserver. A login form will be presented to you and you will have to enter your credentials. If apache decides that your credentials are that of a “valid user” then you will get access to the page.
If your network at home does not use domain names for the computers (the “.myhome.lan” is the domain name used in the above example) then the above line “Allow from .myhome.lan” will not work. Fortunately, you can use (partial) IP address as well, so that the example would become:
require valid-user
Allow from 192.168
Satisfy any
which would give full access to any computer with an IP address in the range 192.168.0.0/16 .
For more information about protecting your web pages:
- See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow for a full
description of the “Allow” syntax. - See http://httpd.apache.org/docs/2.2/howto/auth.html which has examples for ad
ding user authentication to your web pages.
More tips will probably follow. I have a lot of these useful snippets for which a whole Wiki page is just too much.
Cheers, Eric
Recent comments