In previous sections, you learned how to restrict access based on user identity or request information. The Satisfy directive enables you to determine whether both types of access restrictions must be satisfied in order to grant access. Satisfy accepts one parameter, which can be either all or any. Satisfy all means that the client will be granted access if it provides a valid username and password and passes the access restrictions. Satisfy any means the client will be granted access if it provides a valid username and password or passes the access restrictions. Why is this directive useful? For example, you might want to provide free access to your Web site to users coming from an internal, trusted address, but require users coming from the Internet to provide a valid username and password. Listing 15.4 demonstrates just that. Listing 15.4 Mixing Authentication and Access Control Rules1: <Location /restricted> 2: Allow from 10.0.0.0/255.255.255.0 3: AuthType Basic 4: AuthName "Intranet" 5: AuthUserFile /usr/local/apache2/conf/htusers 6: AuthAuthoritative on 7: Require valid-user 8: Satisfy any 9: </Location>
|