Finally, state which type of user is authorized to use the resource. You do this
with the require directive. The three ways to use this directive are as
follows:
If you specify valid-user as an option, any user in the user file is
allowed to access the resource (provided that she also enters the correct
password).
You can specify a list of users who are allowed access with the users
option.
You can specify a list of groups with the group option. Entries in the
group list, as well as the user list, are separated by spaces.Returning to the server-status example you saw earlier, instead of
letting users access the server-status resource based on hostname, you
can require the users to be authenticated to access the resource. You can do so
with the following entry in the configuration file:
Click here to view code image
<Location /server-status>
SetHandler server-status
AuthType Basic
AuthName "Server status"
AuthUserFile "gnulixusers"
Require valid-user
Final Words on Access Control
If you have host-based as well as user-based access protection on a resource,
the default behavior of Apache is to require the requester to satisfy both
controls. But say that you want to mix host-based and user-based protection
and allow access to a resource if either method succeeds. You can do so by
using the satisfy directive. You can set the satisfy directive to All
(which is the default) or Any. When set to All, all access control methods
must be satisfied before the resource is served. If satisfy is set to Any, the
resource is served if any access condition is met.
Here’s another access control example, again using the previous server-
status example but this time combining access methods so all users from
the Gnulix domain are allowed access and those from outside the domain
must identify themselves before gaining access:
Click here to view code image