Apache2 - authorize users against a Location using BasicAuth but ONLY for users outside local subnet
In my Apache 2 config I have a VirtualHost which looks something like this:
<VirtualHost *:80>
ServerName sub.domain.com
# username:password sent on to endpoint
RequestHeader set Authorization "Basic dXNlcm5hbWU6cGFzc3dvcmQ=="
ProxyPass /xyz http://192.168.1.253:8080/endpoint
ProxyPassReverse /xyz http://192.168.1.253:8080/endpoint
<Location /xyz>
# This needs to let users through under the following circumstances
# * They are in 192.168.1.0/24
# * They have a valid user in a htpasswd file
# So what goes here?
</Location>
</VirtualHost>
I am using the virtual host as reverse proxy to another server (which I will call the endpoint) on the network.
I am trying to figure out a configuration that would allow users inside the network browsing to sub.domain.com to automatically be served the endpoint. However, users outside the network should be prompted for credentials
The endpoint requires a password which I have hidden by using RequestHeader (which I want). The password external users should be prompted by is DIFFERENT and will need to be BasicAuth, getting it's user list from a htpasswd file.
Answer
<Location /xyz>
# This needs to let users through under the following circumstances
# * They are in 192.168.1.0/24
# * They have a valid user in a htpasswd file
Right out of http://httpd.apache.org/docs/2.2/mod/core.html#satisfy:
Require valid-user
Order allow,deny
Allow from 192.168.1
Satisfy any
Of course, you also need to include your AuthUserFile or whatever directives
AuthType basic
AuthName "yadayadayada"
AuthUserFile /foo/bar/blah/.htpasswd
</Location>