password protected folder can i pass it the password?

[techexpressinc]

We have an website with a folder that userid/password protected. Is it possible for to pass the userid/password to the server?

The situtation is that is the employee area. So, when the employees log-in from the office; they do not to enter the userid/password. If they enter from some place other than the office we need them to enter the userid/password.

So, is there a way to can get the ip see the ip is the office ip then not require the password by passing it on to the server somehow?

Is this pie in the sky thinking?

Thanks for any help or direction.
Russ at techexpressinc.com

 

[elgrandeperro]

If it is using Apache authentication, then it you would use the Satisfy Any directive to allow persons on a net access without auth.

 

[techexpressinc]

I see the write-up for "Satisfy". But how would code it if I coming from say an ip of 69.245.249.165
so I would get to the folder without the userid/password prompt.
below write-up on the "Staisfy" command
Syntax: Satisfy any|all
Default: Satisfy all
Context: directory, .htaccess
Status: core
Compatibility: Satisfy is only available in Apache 1.2 and later
Access policy if both Allow and Require used. The parameter can be either 'all' or 'any'. This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case the default behavior ("all") is to require that the client passes the address access restriction and enters a valid username and password. With the "any" option the client will be granted access if they either pass the host restriction or enter a valid username and password. This can be used to password restrict an area, but to let clients from particular addresses in without prompting for a password.

 

[elgrandeperro]

The example the exact case:

Require valid-user
Order allow,deny
Allow from 192.168.1
Satisfy Any

But once again I ask, are you using one of Apache's authentication method to restrict access? There is no way for Apache (nor would we want it) to pass authentication to an application layer...

 

[techexpressinc]

i am not sure what the security type is i am not techie enough on the server side. Within the website directory, htdocs, i have a employee folder that is userid/password protected. The folder has a file .htaccess that is where the file is flagged as a password protected file, i think.

The code in it is
"Options - Indexes
AuthType Basic
AuthName "restricted area"
AuthUserFile /data/13/1/150/135/....htdocs/employeesatisfy/.access.pwd
AuthPam_Enabled off

require valid-user"

is that what info you need?
Thx for trying to get me going.
Russ

 

[elgrandeperro]

So exactly like the example:

Options - Indexes
AuthType Basic
AuthName "restricted area"
AuthUserFile /data/13/1/150/135/....htdocs/employeesatisfy/.access.pwd
AuthPam_Enabled off

require valid-user
Order allow,deny
Allow from 192.168.1
Satisfy Any

Which would allow from 192.168.1.* access without passwords.
The Satisfy Any means you can put any number of allows, like

Require valid-user
Order allow,deny
Allow from 192.168.1
Allow from mydomain.com
Allow from 127.0.0.1
Satisfy Any

So this allows from 192.168.1.*, any host that has .mydomain.com on the end (as far as DNS sees it) and from the localhost 127.0.0.1. All these will not need a password.

Read the "Allow" directive, the DNS matching for mydomain.com requires forward and reverse match but most people do that anyway.

 

[techexpressinc]

I am confused on the line "Allow from mydomain.com" Can I put my URL there?

I tried this and failed. Thank you for your patience and help. Russ

"
Options -Indexes
AuthType Basic
AuthName "restricted area"
AuthUserFile /data/13/1/150/135/1313461/user/1406792/htdocs/employeesatisfy/.access.pwd
AuthPam_Enabled off

Require valid-user
Order allow,deny
Allow from 69.245.249.165
Satisfy Any

 

[elgrandeperro]

No, not the URL. If your machines are known in DNS, then as
machine.mydomain.com, puting "Allow from mydomain.com" should allow them access without a password.

I am confused.

You sure your browser was launched from 69.245.249.165?

That seems like a comcast IP. Is this your external facing IP or are you testing? You want to put your NATTED probably
net 10 or net 192.168 into the allow statement (if behind a firewall). Also, check the access logs...

 

[techexpressinc]

Yes that is my comcast IP. I am testing. How would I code my network address translation?
Where would I see my access logs?
Thx
Russ

 

[elgrandeperro]

Accesslogs are on the web server. Describe where (in general terms) it is, what IP it is, is it housed at your company or your site.

 

[techexpressinc]

the web site is hosted at networksolutions
my company's site goes thru a server of a static ip to the internet world

i am testing from my house to the web site

 

[elgrandeperro]

If you or your isp is using a web proxy, then the IP is different. I think the quickest way is to find out how to access the access_logs on the NetworkSolutions side, if possible.

The other way would be to write a short cgi that will display the inbound ip...but that again depends on what networksolutions allows...

 

[elgrandeperro]

Oh, first try this:

http://www.whatip.com/

that displays the inbound ip..

 

[techexpressinc]

69.245.249.165

how do you think i can code a cgi script or change what i have in my htaccess file to get for i am not prompted for a password. thanks Russ

ps. i am typing this on a 8 inch new acer pc that costed $349 at Staples with 1gig ram and xp.

 

[elgrandeperro]

Here is how to get your web logs

http://customersupport.networksolutions.com/article.php?id=303

see if you ip appears when you access your site

There are other ways to extract your IP, but they are less secure.

 

[techexpressinc]

I had to enable it. I can now see the log. i.e.
"-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
69.245.249.165 - - [09/Nov/2008:12:43:36 -0500] "GET /fileman/fileman.cgi

So my ip of 69.245.249.165 is going thru. I just need to code the htaccess file correctly to bypass the password prompt. Any good ideas? Thx for keeping up on the effort.
Russ

 

[techexpressinc]

This is what i have in my test directory now for the .htaccess file that is now working.

Options -Indexes
AuthType Basic
AuthName "restricted area"
AuthUserFile /data/13/1/150/135/1313461/user/1406792/htdocs/employeesatisfy/.access.pwd
AuthPam_Enabled off

Require valid-user
Order allow,deny
Allow from 69.245.249.165
Satisfy Any

 

[elgrandeperro]

And you say this always brings up the login screen?
I think to test, you need to stop/start your browser.

I like to install opera which is pretty light weight browser so I have a brower to test with..

 

[techexpressinc]

yes it always brings up the userid/password screen even if i restart the browser and go right there.

I been using i.e. 7 for the browser that is the browser that the organization uses.

Do you think if I move the satisfy code up to be hit first it would help. I am think maybe it just sequentially goes not and hits the prompt does it and never makes it to the satisfy command.

Thx Russ

 

[elgrandeperro]

No, I use this exact code and ordering.

Change the string "restricted area" to something else. This is simply the banner that gets displayed when it asks for a password. I want to see if it also changes when you access it.

If it doesn't change, then your .htaccess isn't being read. (there might be another .htaccess in play).

If it changes, then I don't know what is going on