Allow Amazon CDN to bypass HTTP Basic Authentication

Question

I am trying to allow Amazon CDN to access the resources on my password-protected staging site (HTTP Basic Authentication). This is the code I have in the httpd.conf file for it:

NameVirtualHost *:80
<VirtualHost *:80>
    ServerName staging.domain.com
    DocumentRoot /var/www/html
    <Directory "/var/www/html/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride all
        AuthName "Development Access"
        AuthType Basic
        AuthUserFile /path/to/password.htpasswd
        Require valid-user
        SetEnvIf User-Agent "^Amazon.*" cdn
        Order allow,deny
        Allow from env=cdn
    </Directory>
</Virtualhost>

I'm using SetEnvIf to assign a variable if the user agent is Amazon and then just allowing it, but this is not working. Can somebody please help me out with this one?

Answer 1

If you have Apache 2 and possibly the requirement to access the resources with HTTP Auth, this has worked for me:

<Directory /var/www/yourwebdirectory>
    SetEnvIf User-Agent "^Amazon.*" cdn
    AuthUserFile /etc/apache2/.htpasswd.forthissite
    AuthType Basic
    AuthName "My Files"
    Require valid-user
    Order allow,deny
    Allow from env=cdn
    Satisfy Any 
</Directory>

Answer 2

the problem is that a valid user is required to get to the content, indifferent of the user agent used.

Give this article in the Apache Manual a read, specifically take a look at the RequireAny bit. That allows you to setup the rules with the complexity you require. Your config code would look something like this.

SetEnvIf User-Agent "^Amazon.*" cdn
<RequireAny>
     Require valid-user
     Require cdn
</RequireAny>

This only works on Apache 2.4 upwards. On 2.2 you can look at this article in the Apache Wiki and specially to the Satisfy Any directive. Hope this helps.