Password protecting Apache Site for external users only

In order to make an intranet an extranet, you need to place the intranet on a server in the DMZ.
From here, configure a virtual server accordingly (e.g. intranet.site.com.au)

You will need to configure on an internal DNS (or smoothwall /etc/hosts when using a webproxy) a reference to intranet.site.com.au

Your global DNS for site.com.au should not have intranet specified. This should be invalid in some way. For example in my sites, I have a catch all domain that is an unknown.site.com.au and with wildcard DNS, any invalid domain URL’s in the *.site.com.au go here. For example, try http://intranet.ucb.com.au

Now, within your Apache Httpd conf VirtualHost directive you need to add the following.


<Directory "/home/intranet/www">
  Options Indexes

  Order deny,allow
  Deny from all
  Allow from 192.168.100
  Allow from 10.1.1
  Require valid-user
  Satisfy any

  AllowOverride AuthConfig
  AuthType Basic
  AuthName "Administration Access Only"
  AuthUserFile /home/intranet/.htaccess
</Directory>

You just need to create the appropiate .htaccess file, and restart Apache httpd. Access from the internal network is allowed via IP, and everything else must use the authentication model used.

To setup external access, I created a sepearate subdomain called extranet. To further restrict this past basic access, I configured to to connect to the firewall only on port 81, and then had a rule to redirect to port 80 on the DMZ machine.

So what I ended up with was:

http://intranet.site.com.au internally accesses the intranet.
http://intranet.site.com.au externally redirects to a custom invalid/unknown subdomain page
http://extranet.site.com.au throws a browser not error
http://extranet.site.com.au:81 prompts for a username/password to access intranet.