From owner-freebsd-questions@FreeBSD.ORG  Tue Mar  7 07:49:36 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7103216A420
	for <questions@freebsd.org>; Tue,  7 Mar 2006 07:49:36 +0000 (GMT)
	(envelope-from cscotts@mindspring.com)
Received: from relay02.pair.com (relay02.pair.com [209.68.5.16])
	by mx1.FreeBSD.org (Postfix) with SMTP id DCB2643D46
	for <questions@freebsd.org>; Tue,  7 Mar 2006 07:49:35 +0000 (GMT)
	(envelope-from cscotts@mindspring.com)
Received: (qmail 47597 invoked from network); 7 Mar 2006 07:49:34 -0000
Received: from unknown (HELO ?192.168.1.100?) (unknown)
	by unknown with SMTP; 7 Mar 2006 07:49:34 -0000
X-pair-Authenticated: 69.209.26.167
In-Reply-To: <7.0.1.0.2.20060306044151.08607410@antimatter.net>
References: <013B73DF-99AA-4B20-BFB7-0A1130EBE780@mindspring.com>
	<7.0.1.0.2.20060306044151.08607410@antimatter.net>
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <FE6237A7-7A96-48D7-B956-C06D6B7BF2FC@mindspring.com>
Content-Transfer-Encoding: 7bit
From: Scott Sipe <cscotts@mindspring.com>
Date: Tue, 7 Mar 2006 01:49:33 -0600
To: Glenn Dawson <glenn@antimatter.net>
X-Mailer: Apple Mail (2.746.2)
Cc: questions@freebsd.org
Subject: Re: Apache auth question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Mar 2006 07:49:36 -0000


On Mar 6, 2006, at 6:52 AM, Glenn Dawson wrote:

> At 03:56 AM 3/6/2006, Scott Sipe wrote:
>
>> I am dealing with a company LAN that lives behind an OpenBSD based
>> firewall+NAT machine. All internal machines have 10.x.x.x addresses.
>>
>> One of the internal machines acts as an intranet webserver. Everyone
>> in the building should be able to access it.
>>
>> I would ALSO like to expose it to the outside, and have outside
>> requests authenticate. So everyone with a 10.x.x.x still has no
>> limits, and external addresses after authenticating with a  
>> username/ password have full access. Is this possible to do with  
>> apache2 config
>> files?
>
> Something like this should do what you want:
>
> <Directory /docroot>
>     AuthType basic
>     AuthName "foo"
>     AuthUserFile /path/to/htpasswds
>     Order Deny,Allow
>     Deny from all
>     Require valid-user
>     Allow from 10.0.0.0/16
>     Satisfy any
> </Directory>

That got it perfectly, adding the "Satisfy any" line was what I had  
been missing.. thanks much!

Scott