.htaccess: combine IP block and basic auth
Question
What I want to achieve:
- one .htaccess file for production and staging
- basic auth protection for staging environment (based on hostname)
- block specific IP on both enviroments
What I tried so far:
SetEnvIfNoCase Host development\.foobar\.tld authRequired
<RequireAny>
<RequireAll>
Require all granted
Require not ip 1.2.3.4
</RequireAll>
<RequireAny>
<RequireAll>
Require all granted
Require not env authRequired
</RequireAll>
AuthType Basic
AuthName "Development"
AuthUserFile /path/to/.htpasswd
Require valid-user
</RequireAny>
</RequireAny>
My problem now is that the IP block is ignored. I've no idea how to properly nest the Require directives.
1 answers
solution1
0 2017-08-07 23:02:53
I have similar setup, but I'm not using password based authentication for it. However, I think that this approach should work for you too.
What you need to do is to store the result of the IP check in a variable for later use.
The code below is untested but I think it will work:
SetEnvIf X-Forwarded-For "^1\.2\.3\.4" reject-access
<If "%{HTTP_HOST} =~ /development\.foobar\.tld$/">
AuthType Basic
AuthName "Development"
AuthUserFile /path/to/.htpasswd
<RequireAll>
Require not env reject-access
Require valid-user
</RequireAll>
</If>
<Else>
<RequireAll>
Require not env reject-access
</RequireAll>
</Else>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
.htaccess basic auth combined with ip restriction
.htaccess basic auth by virtual host?
.htaccess block all but my ip
.htaccess password protection with ip block
.htaccess block local ip address
Allow paypal ipn to bypass Basic Auth in .htaccess
htaccess exclude one url from Basic Auth
htaccess File Basic Auth applying to other pages
htaccess exclude multiple url from Basic Auth
.htaccess - Disable basic auth for specific path
Related Tags