How to setup httpd server with no authentication for localhost

[Luis Pugoy]

Hello all. I am using 5.2.5. I am trying to setup the httpd server so that it can be accessed both globally (but only read-only) and from within localhost (with read-write access). This is the relevant part in monitrc:

  set httpd port 9990 and
      allow admin:password readonly # password is obscured
      allow localhost

Using that configuration, when I try to access the httpd server through the internet, only a blank page is shown. And the following entry was logged by monit:

monit: Denied connection from non-authorized client [xxx.xxx.xxx.xxx]

Likewise, the command "monit status" executed from localhost returned the following error:

monit: cannot read status from the monit daemon

Using curl to connect to the monit server from localhost returned a "401 Unauthorized You are not authorized to access monit" but supplying the given username and password was successful.

It seems to me that rather than using either condition (allow user admin with read access only OR allow localhost with full access), monit uses both conditions when checking access to the httpd server. How can I configure monit to use only either one? Thanks a lot for your time.