In Apache, what would be the best way to only give access to users

Question

0

Editorial Team

Asked: May 19, 20262026-05-19T15:53:38+00:00 2026-05-19T15:53:38+00:00

In Apache, what would be the best way to only give access to users

0

In Apache, what would be the best way to only give access to users who pass the two following tests:

User does not appear in blacklist (alternatively, appears in whitelist)
User has valid LDAP user account

I already have the second test in place but I now need to bar some of the valid LDAP users. Note that I cannot create an AD group to represent my black/white list.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-19T15:53:38+00:00

I have managed to do that using

mod_auth_ldap to authenticate valid users
mod_authz_host to blacklist IP ranges

The config then looks something like:

    <Location /blacklisted >
        AuthType Basic
        AuthName "PAM"

        AuthBasicProvider ldap
        Require valid-user
        AuthLDAPURL ldap://ldap.example.com/?sAMAccountName?sub
        AuthzLDAPAuthoritative off
        AuthLDAPBindDN bindUser@example.com
        AuthLDAPBindPassword verySecurePasswd

        Order allow,deny
        Deny from 192.168.1
        Allow from all
    </Location>

However, I still don’t know whether that would be feasible if I wanted to blacklist LDAP usernames instead of IP addresses. (Covener seems to suggest some complex config could do it but I haven’t tried it).

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In Apache, what would be the best way to only give access to users

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply