I am looking for a way to protect a directory based on remote IP address. I have a .htaccess file with several hundreds of IP/mask combo's but that is a pain to maintain.
I thought the mod_auth_mysql would relief me, but there is no way i can configure it to *NOT* use username/passwd combo's....
i have some mysq/php app that (amongst more data) holds the IP addresses of people that have access.
If you can help me, many thanks,
--
Dick Visser
dick@tienhuis.nl
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry for the delay in responding; I've been pretty busy lately.
No, there's no way to stop from asking for userid/password.
The problem here is we use a different authorization mechanism than .htaccess does.
We don't request the userid/password. When a request for a protected resource comes in, Apache sends an "Authorization Required" response back to the browser. The broswer then responds with the userid/password (or brings up the dialog if it doesn't have these).
Once Apache receives this data it calls mod_auth_mysql.
So, as you can see, even if we allowed bypassing the userid and password, Apache and the browser would still request it from the user.
Sorry I don't have a good answer for you.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi guys
I am looking for a way to protect a directory based on remote IP address. I have a .htaccess file with several hundreds of IP/mask combo's but that is a pain to maintain.
I thought the mod_auth_mysql would relief me, but there is no way i can configure it to *NOT* use username/passwd combo's....
i have some mysq/php app that (amongst more data) holds the IP addresses of people that have access.
If you can help me, many thanks,
--
Dick Visser
dick@tienhuis.nl
Dick,
Sorry for the delay in responding; I've been pretty busy lately.
No, there's no way to stop from asking for userid/password.
The problem here is we use a different authorization mechanism than .htaccess does.
We don't request the userid/password. When a request for a protected resource comes in, Apache sends an "Authorization Required" response back to the browser. The broswer then responds with the userid/password (or brings up the dialog if it doesn't have these).
Once Apache receives this data it calls mod_auth_mysql.
So, as you can see, even if we allowed bypassing the userid and password, Apache and the browser would still request it from the user.
Sorry I don't have a good answer for you.