Password protecting different environments on your website through .htaccess

Apache .htaccess directives are pretty straight forward.  The “SetEnvIf” that passes different values if the conditions are met then are processed by the standard Deny/Allow directive.  Here’s a sample from Apache’s documentation:

#allow a single uri through .htaccess password protection
SetEnvIf Request_URI "/test_uri$" test_uri

 
#allows everything if its on a certain host
SetEnvIf HOST "^test.yoursite.com" test_subdomain_url

SetEnvIf HOST "^yoursite.com" live_url

Order Deny,Allow


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
AuthGroupFile /

Require valid-user

#Allow valid-user

Deny from all
Allow from env=test_uri
Allow from env=test_subdomain_url
Allow from env=live_url
Satisfy any

This is handy in case you want to control all password protected areas of your site all in one place.  I have even added an admin interface that can add new environments to the web root’s .htaccess file on the fly.  This is a simple way to improve your web security for different sections and works great!

About Author:

Senior Cloud Software Engineer and 25+ years experienced video production, video editing and 3D animation services for a variety of global clients including local video production here in Jacksonville, Florida.

Leave a Comment

Your email address will not be published. Required fields are marked *