It is a common question I get from other developers or admins, they try to protect their website with a passwrod, but whitelist (allow passwordless acces) from certain IPs, to avoid the hassle when accessing from secure IPs.

Here is how to do it with Apache 2.4.x with a method that actually works.

First, you’ll need a classic block that will define the basic parameters for Apache, where to find the password files, etc:

AuthUserFile /some/path/.htpasswd
AuthName "Please Log In..."
AuthType Basic

Then just add a RequreAny block like this, to make all the requirements work:

        Require valid-user
        Require ip
        Require ip ....

This way, if any of the requrements are hit in the <RequreAny> block, the page will open.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.