Hiding a HTTP Auth-Realm by sending 404 to non-known IPs?
Posted by zhenech on Server Fault
Published on 2013-11-06T11:15:41Z
Indexed on 2013/11/06 15:57 UTC
apache2 | http-basic-authentication
I have an Apache (2.2) serving a web-app on example.com. That web-app has a debug-page reachable via example.com/debug. /debug is currently protected with HTTP basic auth. As there is only a very small user-base who has access to the debug-page, I would like to hide it based on IP address and return 404 to clients not accessing from our VPN.
Serving a 404 based on IP-address only is easy and is described in http://serverfault.com/a/13071.
But as soon as I add authentication, the users see a 401 instead of a 404.
Basically, what I need is:
    if ($REMOTE_ADDR ~ 10.11.12.*):
        do_basic_auth (aka return 401)
    else:
        return 404
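
One way to get the behaviour in the pseudocode above on Apache 2.2, as an added example that is not part of the original post. It assumes mod_rewrite is loaded and that the rewrite rules sit in the server or `<VirtualHost>` context; the realm name and the htpasswd path are placeholders.

```apache
# Added example (not from the original post).
#
# Rewrite rules in server/<VirtualHost> context run during URL translation,
# which happens before Apache's authentication phase. A client outside the
# VPN range is therefore answered with 404 before any 401 challenge (and
# its WWW-Authenticate realm) is generated.
#
# The same rules inside <Location>, <Directory> or .htaccess run in the
# later fixup phase, after authentication, so they would not hide the 401.

RewriteEngine On

# Client address is NOT in 10.11.12.* (the VPN range from the question)
RewriteCond %{REMOTE_ADDR} !^10\.11\.12\.
# Match /debug and anything below it, but not e.g. /debugger
RewriteRule ^/debug(/|$) - [R=404,L]

# Requests that pass the rule above (VPN clients) still have to authenticate.
<Location /debug>
    AuthType Basic
    # Placeholder realm name
    AuthName "debug"
    # Placeholder path to the password file
    AuthUserFile /path/to/htpasswd
    Require valid-user
</Location>
```

The 404 only conceals the realm; the `Require valid-user` block is still what protects /debug. If a reverse proxy sits in front of Apache, `REMOTE_ADDR` is the proxy's address, so the condition has to be evaluated where the real client address is visible.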