Apache 2.4 – Authenticate Anonymous Users and Allow Others by IP

.htaccessapache-2.4flask

I am trying to configure Apache to allow users from a selection of IPs access to a Flask application without authentication, but to challenge any other users for credentials.

As things stand I have the following configuration:

<directory /var/www/flaskapp>
    WSGIProcessGroup flaskapp
    WSGIApplicationGroup %{GLOBAL}
    WSGIScriptReloading On
    WSGIPassAuthorization On
    Order deny,allow
    AuthType Basic
    AuthName "Restricted area - authorised users only"
    AuthUserFile "/usr/local/apache/passwd"
    <RequireAll>
        <RequireAny>
            Require ip 1.1.1.1
         </RequireAny>
        Require valid-user
    </RequireAll>
</directory>

This isn't working, and is instead prompting all users for authentication.

I should mention that I have used htpasswd to create a user file at the location /usr/local/apache/passwd as indicated in the config.

Best Answer

You only need the RequireAny condition:

<RequireAny> and </RequireAny> are used to enclose a group of authorization directives of which one must succeed in order for the <RequireAny> directive to succeed.

<RequireAny>
    Require ip 1.1.1.1
    Require valid-user
</RequireAny>
Related Topic