I want to create a subdomain to be used as a staging environment. I don't want it to be publicly accessible and I want to avoid using htaccess. (e.g. dev.example.com)
The subdomain should be restricted to certain IP addresses, which will be stored in a MySQL table and regularly updated. (I'm running PHP 5.6/Apache/Centos 7)
What is the best way to do this?
I could add a PHP check for $_SERVER['REMOTE_ADDR'] in my config, however, images and javascript files would still be publicly accessible.
What's your reasoning for not wanting a htaccess file?
The htaccess files provide an extension to the central configuration file for the httpd - anything which goes in there can go in a <directory> or <location> block in the httpd.conf or vhost configuration (and vice versa).
which will be stored in a MySQL table
Apache won't read its config directly from MySQL. Nor will lots of other things you might use to manage access (e.g. a second webserver instance on a different port). While I suppose you could deploy squid as a reverse proxy with a url-rewriter which reads from the database, this looks like a lot of work.
Relying on IP addresses for authentication is generally considered a bad idea in the first place.
I would recommend either using client certs or restrict the access to 127.0.0.1 and connect with an ssh tunnel.
