Category Archives: Apache 2

An .htpasswd with an IP bypass

Hello everyone,

Today's post is about an Apache “trick” for restricting access to your website. It uses .htpasswd, as you may know. A common problem with .htpasswd is that it restricts access with a password, and you don’t want to type a password all the time. Who remembers it anyway? We are all so lazy … me first 🙂
So here is a configuration that makes it possible to bypass the password for a set of allowed IPs, domains, etc.

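This configuration can go into a virtualhost as is, or into an .htaccess without the <Location /> wrapper lines, which Apache does not accept in .htaccess files: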

<Location />
        AuthUserFile /path/to/the/.htpasswd
        AuthName "Restricted area"
        AuthType Basic
        require valid-user
        # Satisfy Any: an allowed host OR a valid login is enough
        Satisfy Any
        Order allow,deny
        Allow from 12.12.12.12
</Location>

How does it work?
If your IP is 12.12.12.12, you won’t be asked for the password, but if you have a different IP, you have to remember the password!
Voilà 🙂
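
The block above uses the Apache 2.2 directives (Order, Allow, Satisfy). As an added example, not part of the original post, here is the same policy in Apache 2.4 syntax, assuming the same placeholder .htpasswd path and IP:

```apache
# Added example: Apache 2.4 form of the 2.2 block above (mod_authz_core,
# mod_authz_host, mod_auth_basic and mod_authn_file assumed loaded).
# In 2.4, Order/Allow/Satisfy only work through mod_access_compat and should
# not be mixed with Require in the same scope.
<Location "/">
    AuthType Basic
    AuthName "Restricted area"
    AuthUserFile "/path/to/the/.htpasswd"

    # Replaces "Satisfy Any": one matching condition is enough.
    <RequireAny>
        # Same placeholder address as above: no password prompt from here.
        Require ip 12.12.12.12
        # A whole range or a domain also works (constructed sample values):
        # Require ip 192.0.2.0/24
        # Require host example.org
        # Everyone else must log in.
        Require valid-user
    </RequireAny>
</Location>

# "Require ip" is matched against the address of the TCP peer. Behind a reverse
# proxy or load balancer that is the proxy's address, so allowing the proxy's
# address would let every visitor skip the password unless mod_remoteip
# restores the real client IP.
# Basic auth sends the password base64-encoded only, so serve this over HTTPS.
```

In an .htaccess file, use the same lines without the <Location> wrapper.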

How to restrict php directives using php_admin_value and php_admin_flag

Let’s say you are dealing with a shared Apache server running PHP as an Apache module. You have several websites running, and you don’t want some PHP directives to be changed. You allow users to modify directives such as display_errors, but you don’t want memory_limit (let’s say 128M) to be changed by any of them. You also don’t want to advertise that your server runs PHP (i.e. expose_php off).

It’s possible to change the values of the php.ini directives in three different ways:

  • Apache configuration (i.e. virtualhost(s), apache2.conf, etc.)
  • .htaccess (if AllowOverride Options or AllowOverride All)
  • the ini_set function

There are two ways to force the values of the PHP directives and make them unchangeable from .htaccess or with the ini_set function.

php_admin_value <setting> <value>

This one forces a directive to a certain (non-boolean) value, for example:

php_admin_value memory_limit 128M

We force memory_limit to 128M.

php_admin_flag <setting> <on|off>

This one does the same but for a boolean value, for example:

php_admin_flag expose_php off

Here the directive expose_php is forced to off.

To do this for ALL the websites on your server, you can edit your /etc/apache2/apache2.conf (the path may differ if you have httpd) and put this content at the end:

Include php_restrictions

Create the file /etc/apache2/php_restrictions, and add this content:

php_admin_value memory_limit 200M
php_admin_flag expose_php off

You can add as many rules as you wish, then reload your webserver like this (the command may differ if you have httpd):

/etc/init.d/apache2 reload

To do this for only ONE specific website (i.e. virtualhost), just set the rules inside the virtualhost like this:

NameVirtualHost www.test.com:80
<VirtualHost www.test.com:80>
    ServerName test.com
    ServerAlias www.test.com 
    DocumentRoot /var/www/test
    # now the rules
    php_admin_value memory_limit 128M
    php_admin_flag expose_php off
</VirtualHost>

This will apply only to the www.test.com website.

Then you need to reload the webserver too.

Voilà, you have restricted some directives and some others are still changeable.

Note, though, that some directives cannot be changed inside apache2.conf or virtualhost(s); you may check the documentation.