From 609dfdec38a6d87bc76fb2710308faa84c644065 Mon Sep 17 00:00:00 2001
From: Eric Zillmann <zillmann@arocom.de>
Date: Thu, 21 Nov 2019 12:51:17 +0100
Subject: [PATCH] ansible-inventories/arocom#2856 proposal for a more generic
 approach for ips and users

---
 templates/vhost.conf | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/templates/vhost.conf b/templates/vhost.conf
index 9424787..abf74a0 100644
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -89,22 +89,30 @@
 {% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
     AuthType {{ drupal_domain.apache_auth.type }}
     AuthName "{{ drupal_domain.apache_auth.name }}"
-{% if drupal_domain.apache_auth.passwdfile is defined %}
-    AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.passwdfile }}
-{% else %}
     AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}
+{% if drupal_domain.apache_auth.ips is defined %}
+{% for ip in drupal_domain.apache_auth.ips %}
+    SetEnvIF X-Forwarded-For ^{{ ip|regex_escape() }}$ AllowIP
+{% endfor %}
 {% endif %}
-{% if drupal_domain.apache_auth.manual_auth is defined %}
-    {{ drupal_domain.apache_auth.manual_auth }}
-{% else %}
-{% if drupal_domain.apache_auth.extra_users is defined %}
+{% if drupal_domain.apache_auth.extra_users is defined or drupal_domain.apache_auth.ips is defined %}
     <RequireAny>
+{% if drupal_domain.apache_auth.extra_users is defined %}
 {% for user in drupal_domain.apache_auth.extra_users %}
       <RequireAll>
+{% if user.expression is defined %}
         Require expr "{{ user.expression }}"
+{% endif %}
         Require user {{ user.user }}
       </RequireAll>
 {% endfor %}
+{% endif %}
+{% if drupal_domain.apache_auth.ips is defined %}
+      Require env AllowIP
+{% for ip in drupal_domain.apache_auth.ips %}
+      Require ip {{ ip }}
+{% endfor %}
+{% endif %}
       <RequireAll>
         Require {% if drupal_domain.apache_auth.password is defined %}user {{ drupal_domain.apache_auth.user }}{% else %}all granted{% endif %}
 
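Review bot: The added `SetEnvIF X-Forwarded-For ^{{ ip|regex_escape() }}$ AllowIP` loop, together with `Require env AllowIP` inside `<RequireAny>`, grants access based on a request header that the client controls unless every path to this vhost passes through a proxy that overwrites it. A request that reaches Apache directly with that header set to a listed address would satisfy `<RequireAny>` without credentials. If a trusted reverse proxy is always in front, letting mod_remoteip resolve the client address (`RemoteIPHeader X-Forwarded-For` plus `RemoteIPInternalProxy <proxy-address>`) would let the existing `Require ip {{ ip }}` lines do the whole job, and the env-based rule could be dropped. The anchored regex also matches only one literal address, so CIDR entries in `ips` work for `Require ip` but never set `AllowIP`, and a header listing more than one hop will not match. Separately, `AuthUserFile` is now always derived from `apache_auth.user`, so inventories that still set `passwdfile` or `manual_auth` have those values ignored without warning; a template comment such as `{# passwdfile and manual_auth are no longer supported #}` would make that visible.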
@@ -113,7 +121,6 @@
 {% else %}
     Require user {{ drupal_domain.apache_auth.user }}
 {% endif %}
-{% endif %}
 {% else %}
 {% if apache_version|default('2.4') == '2.2' %}
     Order allow,deny
-- 
GitLab