.htaccess IF directory exists

Question

I have a development server and a live server. Both use the same .htaccess but I want the development server to be password protected. When I copy the .htaccess file over to the live, I get a 500 error. Does .htaccess offer some way to only password protect directories using conditionals like IF?

what I'm using:

<Directory "/home/my/path/to/development/site/">
  AuthName "Restricted Area 52" 
  AuthType Basic 
  AuthUserFile /home/my/path/to/development/site/.htpasswd 
  AuthGroupFile /dev/null 
  require valid-user
</Directory>

Could really use some help.

Answer 1

You can't have <Directory> containers inside an htaccess file, but you can conditionally turn on or off HTTP auth based on an environment varaible.

So for example, say your production site is http://production.example.com and your dev site is http://dev.example.com then you can check against the HTTP Host and set an environment variable:

SetEnvIfNoCase Host ^dev\.example\.com$ require_auth=true

Or, if the path is different, say your production site is http://example.com/ and dev site is http://example.com/dev/, then you can check against the requested URI:

SetEnvIfNoCase Request_URI ^/dev/ require_auth=true

There's several other checks you can make that's outlined in the mod_setenvif. Either way, you want to set require_auth=true when it's a request for dev. Then you setup your auth stuff to use Satisfy Any:

# Auth stuff
AuthUserFile /home/my/path/to/development/site/.htpasswd 
AuthName "Restricted Area 52"
AuthType Basic

# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth

So if require_auth isn't set, then no auth is required, and your SetenvIf should set it if it's a dev request.