Jay

Reputation: 93

Conditionally require HTTP authentication depending on apache env variable

My hosting has multiple deployments of my site (dev, stage, production). How can I add HTTP Auth headers in my htaccess file if and only if the environment variable that they set is equal to 'dev'? (Meaning they set a variable called SITE_ENVIRONMENT that can be dev, stage, or prod depending on which site you're accessing.)

PS. I'm familiar with requiring authorization from htaccess in vanilla ways, but I'm totally lost when it comes to evaluating variables or writing a block based on the outcome.

Upvotes: 8

Views: 6493

Answers (2)

aowie1

Reputation: 846

You can use SetEnvIf to pattern match the domain and determine which environment to use.

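# Flag requests for the dev host (dots escaped so they match literally)
SetEnvIfNoCase Host ^dev\.domain\.com$ is_on_dev_site

AuthType Basic
AuthName "Protected Login"
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
Require valid-user
# Deny by host on dev, so the request has to authenticate instead
Deny from env=is_on_dev_site
# Allow something like API usage to bypass (anchored so only paths under /api/ match)
SetEnvIf Request_URI "^/api/.+" allow
Order deny,allow
Allow from env=allow
# Access is granted if either the host check or the login succeeds
Satisfy any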

Man: http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html

Upvotes: 16
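Added example, not part of the answer above and not Apache's own code: a small Python model of how the Apache 2.2 `Order deny,allow` / `Deny from env=` / `Allow from env=` / `Satisfy any` combination decides whether a request must present credentials. The function names, the sample requests and the two API patterns are constructed for illustration; the comparison shows why the bypass pattern should be anchored.

```python
import re

DEV_HOST = re.compile(r"^dev\.domain\.com$", re.IGNORECASE)  # SetEnvIfNoCase Host
UNANCHORED_API = re.compile(r"/api/.+")   # constructed: matches anywhere in the path
ANCHORED_API = re.compile(r"^/api/.+")    # constructed: only paths under /api/


def host_check_passes(host, uri, api_pattern):
    """Order deny,allow: Deny is evaluated first, Allow overrides, default is allow."""
    env = set()
    if DEV_HOST.search(host):       # Apache regex matching is a search, not a full match
        env.add("is_on_dev_site")
    if api_pattern.search(uri):
        env.add("allow")
    denied = "is_on_dev_site" in env    # Deny from env=is_on_dev_site
    allowed = "allow" in env            # Allow from env=allow
    return allowed or not denied


def needs_credentials(host, uri, api_pattern=ANCHORED_API):
    """Satisfy any: served if the host check passes OR the client logs in
    (Require valid-user), so a login is demanded only when the host check fails."""
    return not host_check_passes(host, uri, api_pattern)


def audit(requests, api_pattern):
    """Return the dev-host requests that would be served without a login."""
    return [(h, u) for h, u in requests
            if DEV_HOST.search(h) and not needs_credentials(h, u, api_pattern)]


# Constructed sample requests (host, path)
SAMPLES = [
    ("www.domain.com", "/"),
    ("dev.domain.com", "/"),
    ("DEV.domain.com", "/admin/"),
    ("dev.domain.com", "/api/v1/items"),
    ("dev.domain.com", "/admin/api/x"),
]

if __name__ == "__main__":
    for label, pattern in (("unanchored", UNANCHORED_API), ("anchored", ANCHORED_API)):
        print(label, "-> served without login on dev:", audit(SAMPLES, pattern))
```

With the unanchored pattern, `/admin/api/x` on the dev host is served without a login; with the anchored pattern only paths under `/api/` are.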

iandouglas

Reputation: 4306

I'm not sure this is possible.

Theoretically, you can use:

RewriteCond %{ENV:SITE_ENVIRONMENT} ^dev$

to determine which environment you're in, but I can't think of how to write the RewriteRule to force a basic auth... unless you redirected to another page which handles the basic auth and resets the SITE_ENVIRONMENT variable to "dev-authenticated" or something.

Upvotes: -1
