Restrict httpauth to a single IP address
seanr - December 12, 2007 - 23:47
| Project: | HTTP authentication |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
I'd like to find out if there's a way to restrict httpauth to a single IP address, giving everyone else the normal Drupal form. I know enough PHP to be dangerous, but not really sure where to start looking with this one and I don't have a whole lot of time to spend digging (client needs this yesterday, of course). If you could point me in the right direction, I'd really appreciate the help.
#1
seanr,
A quick and dirty option to get this to work quickly is to hardcode an IP check in the function
httpauth_init. Changeif (!variable_get('httpauth_status', FALSE)) {toif (!variable_get('httpauth_status', FALSE) || !(YOUR IP CHECK HERE)) {. You should use some$_SERVERvariable to do the IP check.In order for this to make a useful feature in httpauth, we need to add a preference that allows admins to configure one or more IPs (or maybe even subnets) that are allowed to use HTTP authentication.
#2
This isn't quite what you want, but depending on the situation it might be helpful anyway:
http://drupal.org/node/210350