12

I have set up a dev site and want to password protect it so only validated visitors can view the site. All well and good. I am getting annoyed, on my local version, entering my username and password. So, without changing the htaccess file between my local copy and the one on the dev site, how do I password protect the site but allow myself access without having to enter my username and password?

Richard Parnaby-King
  • 14,703
  • 11
  • 69
  • 129

6 Answers6

17

Something like this should do the trick..

Require valid-user
Allow from 127.0.0.1
Satisfy Any

From: http://httpd.apache.org/docs/2.0/mod/core.html#satisfy

Ben
  • 3,922
  • 1
  • 22
  • 21
  • 5
    Not sure why, but when I used this the authentication totally breaks down and lets anyone see the protected area... I mean it works on my dev site as it should because my IP is 127.0.0.1, however when I publish it to the live server, it still just lets me in... not sure why. – Rick Kukiela Nov 16 '15 at 19:14
4

I've figured out a cool way to seperate Linux from Windows password files (because I develop in windows and then release to a linux production server).

I just wrote a php script with phpinfo(); on our local and prod server and found the apache module 'mod_win32' to seperate the two of them.

<IfModule mod_win32.c>
    AuthUserFile C:\xampplite\your\windows\path.passwd
</IfModule>
<IfModule !mod_win32.c>
    AuthUserFile "/your/linux/path/.passwd"
</IfModule>
AuthName "Please Login"

RewriteEngine On
AuthType Basic
Require valid-user
Luc
  • 985
  • 7
  • 10
2

Example for Windows:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile C:/Apache24/htdocs/.htpasswd
Require valid-user
Order allow,deny
Allow from localhost
Allow from 127.0.0.1
Satisfy Any
Chris Hucke
  • 21
  • 3
1

Presuming that you are fine entering the password on the dev site - put the auth directives in a VirtualHost on the dev site rather than in the .htaccess file - this way your auth is processed at a server level rather than a directory level.

Also, most modern browsers will probably save your password for you :)

David Miller
  • 2,189
  • 2
  • 15
  • 17
0

Since Apache 2.4 you can also surround your password protection by checking against the HTTP_HOST environment variable like this:

<If "%{HTTP_HOST} != 'localhost'">
    # Your password protection code
</If>

See also the answer from Mark Fox to the question about accessing the environment variables.

Community
  • 1
  • 1
Milania
  • 565
  • 7
  • 15
0

As discussed here you could use allow from to allow access from a specific host.

Community
  • 1
  • 1
Raghuram
  • 51,854
  • 11
  • 110
  • 122