Use .htaccess to restrict external access to my Intranet

开发者 (Developer) https://www.devze.com 2023-02-08 16:19 Source: the web
I'm sure this is possible, but it's beyond my meager abilities with .htaccess files.

We have an internal PHP app that we use; we have basic security internally, but don't need to worry too much. I would like to make it available online for use when staff are out and about. I would like to have additional security based on htaccess or htpassword files.

Is it possible to write a htaccess file that does the following:

  • If user is accessing from office.mydomain.com it means they are internal (office.mydomain.com resolves to an internal ip like 192.168.22.22) so allow unimpeded access
  • If the user is accessing from outside it will be external.myoffice.com - if this is the case as an added bit of security I would like to use .htaccess and a password file to get the user to enter an apache password.

Can anyone tell me how to write this with .htaccess file?

Update: Thanks for all the answers, I have posted what worked for me as an answer to help others.


You can use

RewriteCond %{REMOTE_ADDR} !^192\.168\.

to specify the condition of an external IP, or use

RewriteCond %{REMOTE_ADDR} ^192\.168\.

for the condition of a local IP.

You will just have to integrate these into your existing htaccess rules in a sensible way.


I think this does do what you want; http://codesanity.net/2009/11/conditional-htpasswd-multienvironment-setups/ http://tomschlick.com/2009/11/08/conditional-htpasswd-multi-environments/

https://tomschlick.com/2009/11/08/conditional-htpasswd-multi-environments

Correct address for the resource as of 2022/01/15. https://tomschlick.com/conditional-htpasswd-multi-environments/


Here you go

order deny,allow
allow from 192.168.22.0/255.255.255.0
deny from all

You can use a subnet mask to make sure the visitors are from the same network. If you need to address another network, just use those IPs (as the server sees them).


To complete this answer, the following works.

#allows everything if it's on a certain host
SetEnvIf HOST "^www\.mysite\.com" external_url
SetEnvIf HOST "^localhost" local_url
Order Deny,Allow

AuthName "Restricted Area"
AuthType Basic
AuthUserFile path/to/your/.htpasswd
AuthGroupFile /
Require valid-user

#Allow valid-user
Deny from all
#external_url is not allowed here, so those requests fall through to Require valid-user
Allow from env=local_url
Satisfy any

This pops up a Restricted Area login box if you visit via the www.mysite.com but displays nothing if you are coming locally.
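
An added example, not part of the original answers: the same policy keyed on the client address instead of the Host header. The Host header is chosen by the client, so it cannot vouch for where a request comes from. The 192.168.22.0/24 subnet is taken from the question, the AuthUserFile path is a placeholder, and the block assumes Apache 2.4 with mod_authz_core (a 2.2 equivalent is in the comments).

```apache
# Assumed policy: the office LAN (192.168.22.0/24, from the question) gets in
# without a prompt; every other client must pass HTTP Basic authentication.

AuthType Basic
AuthName "Restricted Area"
# Placeholder path: keep the password file outside the document root.
AuthUserFile /path/to/your/.htpasswd

# Apache 2.4: access is granted if ANY of the enclosed rules matches.
<RequireAny>
    # Matched against the peer address the server sees, not against a header.
    Require ip 192.168.22.0/24
    Require valid-user
</RequireAny>

# Apache 2.2 equivalent (mod_authz_host plus Satisfy):
#   Order deny,allow
#   Deny from all
#   Allow from 192.168.22.0/24
#   Require valid-user
#   Satisfy any

# Weak variant, shown for comparison only: the decision rests on the
# client-supplied Host header, so it says nothing about the network the
# request actually arrived from.
#   SetEnvIf Host "^localhost" local_url
#   Allow from env=local_url
```

If the server sits behind a reverse proxy, the address it sees is the proxy's, so the IP rule has to be evaluated where the real client address is known. Basic authentication only base64-encodes the credentials, so the externally reachable name should be served over HTTPS.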
