I need to combine basic auth in the apache conf file, with a (long) series of IPs to block in the .htaccess file.
The IP blocking works, but if I switch on the basic auth in the site's conf file, authentication does not work.
My site's conf is as follows:
<Directory "/var/www/sites/site.com/">
Require all denied
AuthName "Dev Site"
AuthType Basic
AuthUserFile /etc/httpd/conf/users
deny from all
allow from 1.0.0.0/8 2.0.0.0/8 3.0.0.0/8
Require valid-user
</Directory>
.htaccess file (IPs to block):
<RequireAll>
Require all granted
Require not ip 10.1.1.1
Require not ip 11.1.1.1
# ...
</RequireAll>
It's as if the .htaccess directives are overriding the basic auth in the conf file. If I remove the .htaccess file, then the basic auth works as expected. The .htaccess block list is dynamic, so it needs to remain.
I'd appreciate any ideas.
Thanks
question from:
https://stackoverflow.com/questions/65644613/combining-htaccess-ip-block-with-authtype-basic-on-apache-2-4 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
