htaccess conditionals

Question

I have setup htpasswd authentication on my live site and it works great, but I don't want to be asked for a password when I am working on the development environment.

In my httpd.conf file I have:

SetEnv APP_ENV "development"

In my .htaccess file I have:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
require valid-user

I was wondering if there was anyway of putting a conditional around the htppasswd stuff so that when APP_ENV is development that I don't get prompted for a password.

Is this possible?

Answer 1

If you are able to, you should think about upgrading to Apache 2.4 (or the latest 2.3 beta build since 2.4 isn't quite released yet).

One of the new features available are Authorization Containers - making it much simpler to define access requirements using the Require directive.

You should end up with something like:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /path/to/file/groups

SetEnv APP_ENV "development"

<RequireAll>
  <RequireAny>
    <RequireAll>
      #main requirements
      Require group user
      #other conditions if needed for non-dev/non-local
    </RequireAll>

    <RequireAll>
      #allow direct if development
      Require env APP_ENV development
    </RequireAll>

    <RequireAll>
      <RequireAny>
        #allow loopback and local network
        Require ip 127.0.0.1
        Require ip 10.2
      </RequireAny>
    </RequireAll>
  <RequireAny>

  #other conditions if needed for everyone

  <RequireNone>
    #blacklist
  </RequireNone>
</RequireAll>