How to allow specific IPs to connect to a lighttpd webserver, and have the others use mod_auth

---

Situation

You protect your web applications using lighttpd's mod_auth.

You'd like to have some users (say, your office) access the server without having to log in.

Configuration

Filter the configuration based on your users' IPs.

$HTTP["remoteip"] != "203.0.113.92" {
    auth.backend = "ldap"
    auth.backend.ldap.hostname = "10.0.10.13"
    auth.backend.ldap.base-dn  = "ou=people,dc=example,dc=com"
    auth.backend.ldap.filter   = "(&(uid=$)(memberOf=cn=some_group,ou=sgroups,dc=example,dc=com))"
    auth.backend.ldap.bind-dn  = "cn=our_lighttpd_user,ou=services_ro,dc=example,dc=com"
    auth.backend.ldap.bind-pw  = "qdkdfsgbxxcvbiuoisj"
    auth.backend.ldap.allow-empty-pw = "disable"
    auth.require = ( "" => (
            "method"  => "basic",
            "realm"   => "Our superb realm",
            "require" => "valid-user"
        )
    )
}

If you're using a reverse proxy, use mod_extforward to retrieve the correct IPs.

server.modules += ( "mod_extforward" )
extforward.forwarder = ("198.51.100.156" => "trust")

Reference:

• Docs ModAuth - Lighttpd - lighty labs
• Docs ModExtForward - Lighttpd - lighty labs

---