Mailing List Archive

Suggestions for user security
A quick suggestion/idea. It'd be really nice to be able to have user
security that would allow the following in <Limit GET>:

- if the incoming address is in the "allow" list, let it in immediately
- if the incoming address is in the "allow-require" list, ask for
  id/password authentication
- if the incoming address is in the "deny" list, deny any access

The format of the allow-require would have a format of:

allow-require host <host> [host <host>] user|group <user|group> \
[user|group <user|group>]

Or, maybe it'd be better to have an "allow-noauth" that just lists hosts
that should be allowed in without any authentication. Then the already
existing allow/require would work as-is to require authentication of
anyone else.

I guess there'd also have to be another option for "order": allow-noauth
or allow-require.

If there is some way of doing this already, I'd love to know about it.
I'd also appreciate suggestions on better ways to accomplish this same
result. I'll write up a patch myself, but want to make it work for the
most people. These are my specific requirements for the fix:

- allow un-contested access to any "known" machines (domain name or IP)
- allow passworded access to any other machines (at a client's site)
- possibly deny access to all other machines

Security is not an incredibly huge concern. We just want to allow easy
access to those who need to access these pages quickly and easily, while
still allowing controlled access to some others, and finally preventing
access to everyone else.

Ideas?

Pete Kruckenberg
pete@dsw.com
pete@inquo.net
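
A model of the three-way check proposed above, added here as an example; it is not code from the post or from any web server. The list names come from the post, while the Decision type, the function names, the sample policy and the idea that the caller passes in an already-verified hostname are assumptions of this example.

```python
import ipaddress
from enum import Enum

class Decision(Enum):
    ALLOW = "let in immediately"
    REQUIRE_AUTH = "ask for id/password"
    DENY = "deny any access"

# List names follow the post; mapping them to decisions is this example's assumption.
LISTS = {"allow-noauth": Decision.ALLOW,
         "allow-require": Decision.REQUIRE_AUTH,
         "deny": Decision.DENY}

def host_matches(pattern, ip, hostname=None):
    """True if pattern (IP, CIDR block, or domain name) covers the client.
    hostname is assumed to be verified by the caller (reverse lookup confirmed
    by a forward lookup); an unverified PTR name is client-controlled."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        pass  # pattern is not an address, so treat it as a domain name
    if not hostname:
        return False
    name, suffix = hostname.lower().rstrip("."), pattern.lower().strip(".")
    # Match whole labels only: "evil-office.example" must not match "office.example".
    return name == suffix or name.endswith("." + suffix)

def decide(ip, hostname, policy, order=("allow-noauth", "allow-require", "deny"),
           default=Decision.DENY):
    """The first list in `order` that matches wins; unlisted clients get `default`."""
    for list_name in order:
        if any(host_matches(p, ip, hostname) for p in policy.get(list_name, [])):
            return LISTS[list_name]
    return default

# Constructed sample policy (documentation address ranges and .example names).
POLICY = {
    "allow-noauth": ["192.0.2.0/24", "office.example"],
    "allow-require": ["198.51.100.0/24", "client.example"],
    "deny": ["192.0.2.66"],
}

if __name__ == "__main__":
    for ip, name in [("192.0.2.10", None), ("198.51.100.5", None),
                     ("10.1.1.1", "pc1.office.example"),
                     ("192.0.2.66", None), ("203.0.113.8", None)]:
        print(ip, name, "->", decide(ip, name, POLICY).name)
```

The address 192.0.2.66 is in both the "deny" list and the "allow-noauth" block, so the result depends on which list is checked first; that is the role of the "order" option mentioned in the post.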