Lock down Wiki access to password only but remain open to a subnet via .htaccess
- by Treffynnon
Basically we have a Wiki that has some sensitive information stored in it - not the best I know but my predecessor set it up. I want to be able to request password access from any one who is not on the local network subnet. Those on the local subnet should be able to proceed without entering a password.
The following .htaccess does not seem to work any more as it is letting non-local access without requiring the password:
AuthName "Our Wiki"
AuthType Basic
AuthUserFile /path/to/passwd/file
AuthGroupFile /dev/null
Require valid-user
Allow from 192.168
Satisfy Any
order deny,allow
And I cannot work out why. The WikkaWiki it is supposed to be protecting was recently upgraded, which clobbered the .htaccess file so I restored the above from memory/googling. Maybe I am missing an important directive?
The full .htaccess is as follows:
AuthName "Our Wiki"
AuthType Basic
AuthUserFile /path/to/passwd/file
AuthGroupFile /dev/null
Require valid-user
Allow from 192.168
Satisfy Any
SetEnvIfNoCase Referer ".*($LIST_OF_ADULT_WORDS).*" BadReferrer
order deny,allow
deny from env=BadReferrer
<IfModule mod_rewrite.c>
# turn on rewrite engine
RewriteEngine on
RewriteBase /
# if request is a directory, make sure it ends with a slash
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.*/[^/]+)$ $1/
# if not rewritten before, AND requested file is wikka.php
# turn request into a query for a default (unspecified) page
RewriteCond %{QUERY_STRING} !wakka=
RewriteCond %{REQUEST_FILENAME} wikka.php
RewriteRule ^(.*)$ wikka.php?wakka= [QSA,L]
# if not rewritten before, AND requested file is a page name
# turn request into a query for that page name for wikka.php
RewriteCond %{QUERY_STRING} !wakka=
RewriteRule ^(.*)$ wikka.php?wakka=$1 [QSA,L]
</IfModule>
