Password protecting different environments on your website through .htaccess

10 years ago
Aaron Belchamber
1 minute

Apache .htaccess directives are pretty straight forward.  The “SetEnvIf” that passes different values if the conditions are met then are processed by the standard Deny/Allow directive.  Here’s a sample from Apache’s documentation:

#allow a single uri through .htaccess password protection
SetEnvIf Request_URI "/test_uri$" test_uri

 
#allows everything if its on a certain host
SetEnvIf HOST "^test.yoursite.com" test_subdomain_url

SetEnvIf HOST "^yoursite.com" live_url

Order Deny,Allow


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
AuthGroupFile /

Require valid-user

#Allow valid-user

Deny from all
Allow from env=test_uri
Allow from env=test_subdomain_url
Allow from env=live_url
Satisfy any

This is handy in case you want to control all password protected areas of your site all in one place.  I have even added an admin interface that can add new environments to the web root’s .htaccess file on the fly.  This is a simple way to improve your web security for different sections and works great!

Leave a Reply 0

Your email address will not be published. Required fields are marked *