Is there a way to bypass mod_auth_openidc module used in an Apache Web Server for some users/IP ranges/service-calls?


For a web app, we have used an Apache Web Server with mod_auth_openidc module as an authentication layer; it sits in front of our web app.

There's a requirement to let requests from some services (e.g. a web crawler, to crawl the web app) bypass this OIDC layer. Is there a way to add this override or bypass mod_auth_openidc for requests from some users, services, or maybe even an IP range?

I've tried to look around in the list of configuration options, but couldn't find any config that does that, yet.

Answer by Hans Z.

You should be able to use the standard <If> directive (see https://httpd.apache.org/docs/current/mod/core.html#if) with expression matching of some header/IP as described in https://httpd.apache.org/docs/current/expr.html, so, e.g.:

<If "-R '192.168.1.0/24'">
    Require ip 192.168.1.1
</If>
<Else>
    AuthType openid-connect
    Require valid-user
</Else>

Be aware that header spoofing is easy, though; local IP matching is probably the safest choice.
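
The two variants that the answer's closing caveat contrasts, written out as an added example that is not part of the original answer. The /app path, the crawler address 192.0.2.10 and the "ExampleCrawler" User-Agent string are assumed placeholders, not values from the question.

```apache
# Added example; /app, 192.0.2.10 and "ExampleCrawler" are placeholders.

# Weak variant (left commented out): the condition is a request header.
# Whatever the client puts in User-Agent decides whether OIDC is skipped,
# so the header is the only thing standing between a request and the app.
#
# <Location "/app">
#     <If "%{HTTP_USER_AGENT} =~ /ExampleCrawler/">
#         Require all granted
#     </If>
#     <Else>
#         AuthType openid-connect
#         Require valid-user
#     </Else>
# </Location>

# Safer variant: the condition is the client address of the connection.
# -R is shorthand for "%{REMOTE_ADDR} -ipmatch ...".
<Location "/app">
    <If "-R '192.0.2.10'">
        # Authorization still has to succeed inside the bypass branch,
        # so pin it to the same address instead of granting everyone.
        Require ip 192.0.2.10
    </If>
    <Else>
        AuthType openid-connect
        Require valid-user
    </Else>
</Location>

# Caveat: if this Apache instance sits behind a reverse proxy or load
# balancer, the address it sees is the proxy's, so the <If> above would
# match every request that arrives through that proxy. Check what
# REMOTE_ADDR actually contains (for example with %a in the access log)
# before relying on the match.
```

Keep the matched range as narrow as the crawler's real source addresses allow, and confirm in the access log that requests from other addresses are still redirected to the OIDC provider.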