Recipe 6.10 Lifting Restrictions Selectively


You want most documents to be restricted, such as requiring a username and password, but want a few to be available to the public. For example, you may want index.html to be publicly accessible, while the rest of the files in the directory require password authentication.


Use the Satisfy Any directive in the appropriate place in your .htaccess or httpd.conf file:

<Files index.html>     Order Deny,Allow     Allow from all     Satisfy Any </Files>


Regardless of what sorts of restrictions you may have on other files, or on the directory as a whole, the <Files> container in the solution makes the index.html file accessible to everyone without limitation. Satisfy Any tells Apache that any of the restrictions in place may be satisfied, rather than having to enforce any particular one. In this case, the restriction in force will be Allow from all, which permits access for all clients.

Weak and Strong Authentication

The basic Apache security model for HTTP is based upon the concepts of weak and strong authentication mechanisms. Weak mechanisms are those that rely on information volunteered by the user; strong ones use credentials obtained without asking him. For instance, a username and password constitute a set of weak credentials, while the IP address of the user's client system is regarded as a strong one.

One difference between the two types lies in how Apache handles an authentication failure. If invalid weak credentials are presented, the server will respond with a 401 Unauthorized status, which allows the user to try again. In contrast, a failure to authenticate when strong credentials are required will result in a 403 Forbidden status for which there is no opportunity to retry.

In addition, strong and weak credentials can be required in combination; this is controlled by the Satisfy directive. The five possible requirements are:

  • None. No authentication required.

  • Only strong credentials are needed.

  • Only weak credentials are required.

  • Both strong and weak credentials are accepted; if either is valid, access is permitted.

  • Both strong and weak credentials are required.

See Also

  • Recipe 6.9

  • Recipe 6.6

Apache Cookbook
Apache Cookbook: Solutions and Examples for Apache Administrators
ISBN: 0596529945
EAN: 2147483647
Year: 2006
Pages: 215

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: