8

My hosting has multiple deployments of my site (dev, stage, production). How can I add HTTP Auth headers in my htaccess file if and only if the enviornment variable that they set is equal to 'dev'? (meaning they set a variable called SITE_ENVIRONMENT that can be dev, stage, or prod depending on which site you're accessing.

PS. I'm familiar with requiring authorization from htaccess in vanilla ways, but I'm totally lost when it comes to evaluating variables or writing a block based on the outcome.

Jay
  • 93
  • 1
  • 5
  • Related question: *[How to do conditional .htaccess password protect](http://stackoverflow.com/q/5252330/195835)* – Simon East Sep 23 '16 at 04:09

2 Answers2

16

You can use SetEnvIf to pattern match the domain and determine which environment to use. 

SetEnvIfNoCase Host ^dev.domain.com$ is_on_dev_site

AuthType Basic
AuthName "Protected Login"
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
Require valid-user
Deny from env=is_on_dev_site
#allow something like API usage to bypass
SetEnvIf Request_URI "(/api/.(.*))$" allow
Order deny,allow
Allow from env=allow
Satisfy any

Man: http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html

aowie1
  • 836
  • 8
  • 21
-1

I'm not sure this is possible.

Theoreticaly, you can use:

RewriteCond %{ENV:SITE_ENVIRONMENT} ^dev$

to determine which environment you're in, but I can't think of how to write the RewriteRule to force a basic auth... unless you redirected to another page which handles the basic auth and resets the SITE_ENVIRONMENT variable to "dev-authenticated" or something.

iandouglas
  • 4,146
  • 2
  • 33
  • 33
  • 1
    I confirmed this by chatting with some apache devs. There's no way to write a RewriteRule to trigger a basic auth, so you'll have to think of another approach. – iandouglas May 01 '11 at 00:39
  • ah, I see, thanks for the reply. After posting this, I reconsidered my approach, and since the different environments are deployed from a svn repository, I just made a dev site branch. – Jay May 01 '11 at 02:28