How to allow specific IPs to connect to a lighttpd webserver, and have the others use mod_auth


October 2014.

Situation


You protect your web applications using lighttpd's mod_auth.

You'd like to have some users (say, your office) access the server without having to log in.

Configuration


Wrap the mod_auth settings in a $HTTP["remoteip"] condition, so that they apply to every client except the exempted IP.

# Every client except 203.0.113.92 must authenticate against LDAP.
$HTTP["remoteip"] != "203.0.113.92" {
    auth.backend = "ldap"
    auth.backend.ldap.hostname = "10.0.10.13"
    auth.backend.ldap.base-dn = "ou=people,dc=example,dc=com"
    # "$" is replaced by the user name supplied at login.
    auth.backend.ldap.filter = "(&(uid=$)(memberOf=cn=some_group,ou=sgroups,dc=example,dc=com))"
    # Read-only service account used for the LDAP lookup.
    auth.backend.ldap.bind-dn = "cn=our_lighttpd_user,ou=services_ro,dc=example,dc=com"
    auth.backend.ldap.bind-pw = "qdkdfsgbxxcvbiuoisj"
    auth.backend.ldap.allow-empty-pw = "disable"
    # Protect the whole site ("" matches every URL path).
    auth.require = ( "" => (
            "method" => "basic",
            "realm" => "Our superb realm",
            "require" => "valid-user"
        )
    )
}


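If lighttpd sits behind a reverse proxy, every request arrives from the proxy's address, so use mod_extforward to retrieve the correct client IPs. List only your own proxy as a trusted forwarder.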

server.modules += ( "mod_extforward" )
extforward.forwarder = ("198.51.100.156" => "trust")
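
The following Python model is an added example, not part of the original page and not lighttpd's own code. It shows which requests end up inside the `!= "203.0.113.92"` block once the forwarder is trusted. The function names, the client address 192.0.2.44 and the right-to-left reading of X-Forwarded-For are assumptions of this simplified model.

```python
import ipaddress

# Values taken from the page's configuration.
AUTH_EXEMPT = {ipaddress.ip_address("203.0.113.92")}           # $HTTP["remoteip"] != ...
TRUSTED_FORWARDERS = {ipaddress.ip_address("198.51.100.156")}  # extforward.forwarder


def effective_remote_ip(peer, x_forwarded_for=None):
    """Simplified model of the address $HTTP["remoteip"] is matched against.

    The header is honoured only when the TCP peer is a trusted forwarder;
    the list is then read right to left and the first address that is not
    itself a trusted forwarder is taken as the client.
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_FORWARDERS or not x_forwarded_for:
        return peer_ip
    for token in reversed(x_forwarded_for.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            return peer_ip  # model choice: unparsable entry, keep the peer address
        if hop not in TRUSTED_FORWARDERS:
            return hop
    return peer_ip  # every hop was a trusted forwarder


def auth_required(peer, x_forwarded_for=None):
    """True when the request falls inside the `!= "203.0.113.92"` block."""
    return effective_remote_ip(peer, x_forwarded_for) not in AUTH_EXEMPT


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header).
    samples = [
        ("198.51.100.156", "203.0.113.92"),              # office via the proxy
        ("198.51.100.156", "192.0.2.44"),                # other client via the proxy
        ("192.0.2.44", "203.0.113.92"),                  # header sent by an untrusted peer
        ("198.51.100.156", "203.0.113.92, 192.0.2.44"),  # proxy appended the real peer
        ("203.0.113.92", None),                          # office, no proxy in the path
    ]
    for peer, xff in samples:
        verdict = "mod_auth" if auth_required(peer, xff) else "no login"
        print(f"peer={peer:<15} XFF={xff!s:<28} -> {verdict}")
```

The fourth sample only resolves to the real client because the proxy appends the connecting address to the header; check that your proxy does this rather than passing the client's header through unchanged.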
