Password protecting different environments on your website through .htaccess

Apache .htaccess directives are pretty straight forward. The “SetEnvIf” that passes different values if the conditions are met then are processed by the standard Deny/Allow directive. Here’s a sample from Apache’s documentation:
#allow a single uri through .htaccess password protection SetEnvIf Request_URI "/test_uri$" test_uri #allows everything if its on a certain host SetEnvIf HOST "^test.yoursite.com" test_subdomain_url SetEnvIf HOST "^yoursite.com" live_url Order Deny,Allow AuthName "Restricted Area" AuthType Basic AuthUserFile /path/to/your/.htpasswd AuthGroupFile / Require valid-user #Allow valid-user Deny from all Allow from env=test_uri Allow from env=test_subdomain_url Allow from env=live_url Satisfy any
This is handy in case you want to control all password protected areas of your site all in one place. I have even added an admin interface that can add new environments to the web root’s .htaccess file on the fly. This is a simple way to improve your web security for different sections and works great!