I'd like to find out if there's a way to restrict httpauth to a single IP address, giving everyone else the normal Drupal form. I know enough PHP to be dangerous, but not really sure where to start looking with this one and I don't have a whole lot of time to spend digging (client needs this yesterday, of course). If you could point me in the right direction, I'd really appreciate the help.

Comments

decafdennis’s picture

decafdennis commented
Category: support » feature

seanr,

A quick and dirty option to get this to work quickly is to hardcode an IP check in the function httpauth_init. Change if (!variable_get('httpauth_status', FALSE)) { to if (!variable_get('httpauth_status', FALSE) || !(YOUR IP CHECK HERE)) {. You should use some $_SERVER variable to do the IP check.

In order for this to make a useful feature in httpauth, we need to add a preference that allows admins to configure one or more IPs (or maybe even subnets) that are allowed to use HTTP authentication.

gengel’s picture

gengel commented

This isn't quite what you want, but depending on the situation it might be helpful anyway:

http://drupal.org/node/210350

decafdennis’s picture

decafdennis commented
Status: Active » Closed (won't fix)