Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Conditionally require HTTP authentication depending on apache env variable

My hosting has multiple deployments of my site (dev, stage, production). How can I add HTTP Auth headers in my htaccess file if and only if the enviornment variable that they set is equal to 'dev'? (meaning they set a variable called SITE_ENVIRONMENT that can be dev, stage, or prod depending on which site you're accessing.

PS. I'm familiar with requiring authorization from htaccess in vanilla ways, but I'm totally lost when it comes to evaluating variables or writing a block based on the outcome.

like image 228
Jay Avatar asked Apr 30 '11 23:04

Jay


1 Answers

You can use SetEnvIf to pattern match the domain and determine which environment to use.

SetEnvIfNoCase Host ^dev.domain.com$ is_on_dev_site

AuthType Basic
AuthName "Protected Login"
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
Require valid-user
Deny from env=is_on_dev_site
#allow something like API usage to bypass
SetEnvIf Request_URI "(/api/.(.*))$" allow
Order deny,allow
Allow from env=allow
Satisfy any

Man: http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html

like image 144
aowie1 Avatar answered Oct 04 '22 22:10

aowie1