Menu
I need to apply HTTP auth just in public use of website, but I don't apply it on my localhost. This is the .htaccess that I think should work. But it doesn't work - it still asks me for user/pass.
What am I doing wrong?
SetEnvIf Remote_Addr ^127\.0\.0\.1$ develmode
<IfDefine !develmode>
AuthType Basic
AuthName "ADMIN"
AuthUserFile /path/to/.htpasswd
Require valid-user
</IfDefine>
mod_setenvif is enabled of course.
504
You need to look at the order and satisfy keywords. Working example from my website is below. First we tell that we accept either the IP or USER. Then we define htpasswd file path and that we accept any valid user from that file. Finally we define which client IP addresses can access our web without auth (we deny all other IPs, so that they must auth via htpasswd).
# permit by USER || IP Satisfy any # USER AuthUserFile /var/www/munin/.htpasswd AuthGroupFile /dev/null AuthName "Password Protected Area" AuthType Basic require valid-user # IP order deny,allow deny from all allow from 11.22.33.
173
In Apache 2.4, allow, deny and satisfy are not used anymore, IP address restriction is also done with require now:
AuthUserFile /path/to/.htpasswd
AuthName "Restricted Access"
AuthType Basic
Require ip 127.0.0.1
Require valid-user
If any of the "Require" directives are fulfilled, the request is allowed. If you want to require both, group them in a <RequireAll> block.
For restriction to local access you can use the special syntax Require local instead of Require ip 127.0.0.1
Read more: http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
