Here, I have 2 groups (sysnet and prod) that are authorized to connect.
Skip Authentication for Specific IP Addresses link
I need monitoring screens to access Nagios without authentication while keeping LDAP authentication for other users. Building on the example above, here are the lines to modify:
1
2
3
4
5
AllowOverride AuthConfig
Require valid-user
Order Deny,Allow
Allow From 10.100.10.0/24SatisfyAny
This way, IPs from the 10.100.10.0/24 subnet don’t need to authenticate while others do. To decide whether to validate one solution or the other, I use the Satisfy Any directive. We can put ‘Satisfy All’ if we want all conditions to be validated.
When we have an Apache server at the front end and want to redirect traffic to other Apache servers at the back end, we need to activate mod_proxy. Here’s an example:
Here’s an example of URL rewriting. This allows redirecting cvsweb.mydomain.com automatically to the correct URL and cleaning up the URL as well. I changed from:
It’s possible to block access to all kinds of browsers. If like me, you’re not friends with IE which breaks your PNGs in version 6, doesn’t respect standards, breaks CSS, etc., it might be convenient to block it and politely direct the user to download Firefox as soon as possible.
For this, we’ll use the rewrite mode. It must be enabled as described above. Then add these lines in the desired folder (Directory for the entire site for example) in sites-enabled/000-default:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<Directory/> ...
AllowOverride FileInfo
<IfModulemod_rewrite.c>RewriteEngineonRewriteCond %{HTTP_USER_AGENT} .*MSIE.*
# opera sometimes pretends to be IERewriteCond %{HTTP_USER_AGENT} !.*Opera.*
# avoid infinite loop in conditionsRewriteCond %{REQUEST_FILENAME} !.*ie.html
# redirect to a page explaining the reasons for rejectionRewriteRule .* /ie.html [L]
</IfModule></Directory>
All that’s left is to create the ie.html file and put your nice text in it (you can also make a simple text file). Here’s what I use (/var/www/ie.html):
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<metahttp-equiv="Content-Type"content="text/html; charset=utf-8" />
<title>Access Forbidden with Internet Explorer</title>
</head>
<body>
Dear Internet User,<br />
<br />
This site cannot be accessed using Internet Explorer.<br />
You should now understand that times are changing.<br />
<br />
You are currently using a browser (Internet Explorer) that doesn't<br />
respect <ahref="http://www.w3.org">standards</a> and holds a monopoly due
to its mandatory omnipresence in<br />
your dear OS (Windows). That said, perhaps you're at work and don't have a
choice of OS.<br />
<br />
However, Internet Explorer should no longer be used when there are many<br />
other free, open-source browsers that respect standards!<br />
But since you don't seem to be aware of this, it's okay, let me help you.<br />
<br />
To begin with, you can download a clean browser like
<ahref="http://www.mozilla.org">Firefox</a>.<br />
This would already help you get on the right track and will allow you to
access<br />
my site.<br />
<br />
Still on your new quest to the light side of the force, you should switch
to<br />
a free, open-source OS (<ahref="http://www.ubuntu.com">Ubuntu</a> for
example) that will surely make you happy.<br />
<br />
I encourage you to take control as soon as possible.<br />
<br />
Regards,<br />
Pierre (aka Deimos)
</body>
</html>
Public folders are used to have multiple clients on a server where each has their own personal space. The practice is quite simple: we have, for example, the user toto who has a “public_html” folder in their home directory, and their web server is accessible via “http://server/~toto”. I did this on OpenBSD with Apache 1.3; normally for version 2, the syntax is the same. So here’s the configuration to add:
You can also see that I changed the header of my main pages with the “HeaderName” option. This header.htm file must be located in the “DocumentRoot” folder when called by “/”.
Here’s an example with a mix of BSD authentication + IP restriction:
Sometimes you might want to make things a little more interactive than just simple HTML. But you’ll run into a significant problem since it simply won’t be able to interpret your code. In my case, I wanted to do it in PHP, so here’s the solution. In your Directory section, where you already have your lines containing HeaderName and ReadmeName, you should insert these lines:
1
2
3
4
5
6
7
# In order for the PHP file to execute in a header, need to have a major type of textAddType text/html .php
AddHandler application/x-httpd-php .php
Options -Indexes
HeaderName /.header.htm
ReadmeName /.footer.php
And now I have my footer in PHP :-). You can follow the explanations on Apache’s website. You can also use CGI, etc.
PHP5 compression will save us precious seconds on page display. To enable it, edit the following file and set the parameter to “on”:
1
2
3
4
5
6
7
8
9
10
11
; Transparent output compression using the zlib library
; Valid values for this option are 'off', 'on', or a specific buffer size
; to be used for compression (default is 4KB)
; Note: Resulting chunk size may vary due to nature of compression. PHP
; outputs chunks that are few hundreds bytes each as a result of
; compression. If you prefer a larger chunk size for better
; performance, enable output_buffering in addition.
; Note: You need to use zlib.output_handler instead of the standard
; output_handler, or otherwise the output will be corrupted.
; http://php.net/zlib.output-compressionzlib.output_compression = on
Then restart your web server for the configuration to be applied.