I've never had a need to protect a site like this so am totally new to it...

I've been reading, and everything says that digest-auth is preferred to
basic-http-auth (yes, I know that this isn't a very sophisticated level
of protection, but it is all we need for this site), but is there also a
way to whitelist certain static IP address so people on those don't get
prompted for a username/password?


Thanks for any pointers to tfm...

On 04/03/12 15:06, Tanstaafl wrote:
> I've never had a need to protect a site like this so am totally new to
> it...
>
> I've been reading, and everything says that digest-auth is preferred to
> basic-http-auth (yes, I know that this isn't a very sophisticated level
> of protection, but it is all we need for this site), but is there also a
> way to whitelist certain static IP address so people on those don't get
> prompted for a username/password?
>
> Thanks for any pointers to tfm...
>

From http://httpd.apache.org/docs/2.2/mod/core.html#satisfy,

For example, if you wanted to let people on your network have
unrestricted access to a portion of your website, but require that
people outside of your network provide a password, you could use a
configuration similar to the following:

See also:

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html

for the "Allow from..." docs.