Limitations of using "require user" multiple times in .htaccess in an Apache config?

Asked Feb 15 '19 at 10:56

Active Feb 21 '19 at 09:02

Viewed 3,266 times

Access to a Apache website can be controlled with a line as

Require user john paul george ringo

in a .htaccess file. See https://httpd.apache.org/docs/2.4/mod/mod_authz_user.html. This same rule can also be written in multiple lines such as

Require user john 
Require user paul 
Require user george 
Require user ringo

My questions:

Is there any known limit on the number of usernames that can be included in a .htaccess file?
Does it make any difference using the single- versus multi-line approach?

edited Feb 21 '19 at 09:02

asked Feb 15 '19 at 10:56

Cie6ohpa

6

Definitely don't hardcode 400+ names in an .htaccess file. Instead of `Require user` look for a way to use `Require group`. You might need to consider carefully what mechanism to use for representing groups. I would personally hunt for a way to store this all in LDAP (or MS Active Directory) and build it into single sign on. – Philip Couling Feb 15 '19 at 11:10

0 Answers0