
I set up the following vhost, which I want to be accessible without login when called from within the network, but with login when called from outside. However, no matter how I change the Require IP, RequireAny, ... I can't get it to work. What am I missing here?

<IfModule mod_proxy.c>
    <VirtualHost *:80>
        ServerName sub.domain.com
        ServerAdmin mail@domain.com

        ProxyPass / http://192.168.1.20/
        ProxyPassReverse / http://192.168.1.20/

        <Proxy *>
            AuthType Basic
            AuthName "Only for administrators"
            AuthBasicProvider file
            AuthUserFile /etc/apache2/passwords/mypasswordfile.pwd
            AuthGroupFile /dev/null

            <RequireAny>
                Require local
                Require ip 192.168.1.0/24
                Require host domain.com
                Require valid-user
            </RequireAny>
        </Proxy>

        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        
    </VirtualHost>
</IfModule>

Looking for advice...

Marco
  • What happens with this configuration? Anything in the error log? Can you provide a couple of lines from the access log? – Gerard H. Pille Jul 13 '20 at 19:52
  • Nothing in the error log. In the access log I see: – Marco Jul 16 '20 at 04:24
  • access.log entry when loading on my mobile: 99.97.nnn.nnn.dynamic.wline.res.cust.swisscom.ch - - [16/Jul/2020:06:28:05 +0200] "GET / HTTP/1.1" 401 745 "-" "Mozilla/5.0 (Linux; Android 10; SAMSUNG SM-G975F) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/12.0 Chrome/79.0.3945.136 Mobile Safari/537.36" – Marco Jul 16 '20 at 04:30
  • access.log entry when loading on Chrome: 99.97.nnn.nnn.dynamic.wline.res.cust.swisscom.ch - - [16/Jul/2020:06:32:19 +0200] "POST /api/homematic.cgi HTTP/1.1" 401 745 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" – Marco Jul 16 '20 at 04:31
  • This would mean that e.g. your mobile has an IP address different from 127.0.0.0/8 (duh), different from 192.168.1.0/24, and when Apache does a double reverse DNS lookup of that address, it doesn't resolve to domain.com (it seems to resolve to swisscom.ch). Check https://httpd.apache.org/docs/current/mod/mod_authz_host.html – Gerard H. Pille Jul 16 '20 at 09:39
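
The evaluation described in the last comment, as an added sketch that is not part of the original thread: a Python model of how the question's `<RequireAny>` block decides a request, including the double reverse DNS check behind `Require host`. The DNS tables, the server address and all client addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample DNS data (stands in for live PTR and forward lookups).
PTR = {"203.0.113.7": "cust7.isp.example",
       "198.51.100.9": "www.domain.com",
       "198.51.100.66": "www.domain.com"}   # .66 claims a name it does not own
FWD = {"cust7.isp.example": {"203.0.113.7"},
       "www.domain.com": {"198.51.100.9"}}

LOCAL_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
LAN = ipaddress.ip_network("192.168.1.0/24")


def verified_hostname(ip):
    """Double reverse lookup: the PTR name counts only if it resolves back to ip."""
    name = PTR.get(ip)
    return name if name and ip in FWD.get(name, set()) else None


def host_matches(name, suffix):
    """Require host compares whole trailing name components, not raw substrings."""
    name, suffix = name.lower().rstrip("."), suffix.lower().lstrip(".")
    return name == suffix or name.endswith("." + suffix)


def evaluate(client_ip, server_ip="192.0.2.10", authenticated=False):
    """Return (granted, rule) for one request against the <RequireAny> block."""
    addr = ipaddress.ip_address(client_ip)
    # Require local: loopback, or client and server address are the same.
    if any(addr in net for net in LOCAL_NETS) or client_ip == server_ip:
        return True, "Require local"
    if addr in LAN:
        return True, "Require ip 192.168.1.0/24"
    name = verified_hostname(client_ip)
    if name and host_matches(name, "domain.com"):
        return True, "Require host domain.com"
    if authenticated:
        return True, "Require valid-user"
    # No rule matched and no valid credentials yet: Apache answers 401.
    return False, "401 Basic auth challenge"


if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.1.57", "198.51.100.9",
               "198.51.100.66", "203.0.113.7"):
        print(ip, evaluate(ip))
```

A 401 for an external address with no credentials is the first half of a normal Basic auth exchange, so it only signals a problem if the same status is logged for a client inside 192.168.1.0/24.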

0 Answers