Lock down Wiki access to password only but remain open to a subnet via .htaccess

Posted by Treffynnon on Server Fault See other posts from Server Fault or by Treffynnon
Published on 2009-09-30T09:34:44Z Indexed on 2012/09/30 3:40 UTC
Read the original article Hit count: 535

Basically we have a Wiki that has some sensitive information stored in it - not the best I know but my predecessor set it up. I want to be able to request password access from any one who is not on the local network subnet. Those on the local subnet should be able to proceed without entering a password.

The following .htaccess does not seem to work any more as it is letting non-local access without requiring the password:

AuthName "Our Wiki"
AuthType Basic
AuthUserFile /path/to/passwd/file
AuthGroupFile /dev/null
Require valid-user
Allow from 192.168
Satisfy Any
order deny,allow

And I cannot work out why. The WikkaWiki it is supposed to be protecting was recently upgraded, which clobbered the .htaccess file so I restored the above from memory/googling. Maybe I am missing an important directive?

The full .htaccess is as follows:

AuthName "Our Wiki"
AuthType Basic
AuthUserFile /path/to/passwd/file
AuthGroupFile /dev/null
Require valid-user
Allow from 192.168
Satisfy Any

SetEnvIfNoCase Referer ".*($LIST_OF_ADULT_WORDS).*" BadReferrer

order deny,allow
deny from env=BadReferrer

<IfModule mod_rewrite.c>
        # turn on rewrite engine
        RewriteEngine on
        RewriteBase /
        # if request is a directory, make sure it ends with a slash
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^(.*/[^/]+)$ $1/

        # if not rewritten before, AND requested file is wikka.php
        # turn request into a query for a default (unspecified) page
        RewriteCond %{QUERY_STRING} !wakka=
        RewriteCond %{REQUEST_FILENAME} wikka.php
        RewriteRule ^(.*)$ wikka.php?wakka= [QSA,L]

        # if not rewritten before, AND requested file is a page name
        # turn request into a query for that page name for wikka.php
        RewriteCond %{QUERY_STRING} !wakka=
        RewriteRule ^(.*)$ wikka.php?wakka=$1 [QSA,L]
</IfModule>

© Server Fault or respective owner

Related posts about apache2

Related posts about .htaccess