damonky.co.uk » security http://www.damonky.co.uk Just another WordPress weblog Sun, 04 Apr 2010 19:31:44 +0000 http://wordpress.org/?v=2.8.6 en hourly 1 Conditional Authentication using .htaccess http://www.damonky.co.uk/general/conditional-authentication-using-htaccess/ http://www.damonky.co.uk/general/conditional-authentication-using-htaccess/#comments Wed, 11 Nov 2009 13:15:00 +0000 admin http://www.damonky.co.uk/?p=239 Working on sites very close to live is always tricky. Clients want to use the site unhindered, you want to check it through before it goes live. The one thing you don’t want happen is for the public to discover and access the site before it goes live.

The code below allows only grant access without authentication to a set of IP’s / domains. Any request from a  domain not in this list will be asked to authenticate. Satisfy any allows the .htaccess to grant permission to anyone who meets the two key criteria. In the example you will note that google’s domains have been allowed through so as not to affect SEO too much. Replace 123.123.123.123 with your IP, or that of whoever you wish to access the site. I am yet however to find one that works for dynamic IP’s – wouldn’t that be neat :D

You will of course need to create a .htpasswd file. a good generator can be found at http://www.htaccesstools.com/htpasswd-generator/ along with a load of other goodies.

#require authentication of requests
AuthName "Restricted Area"
AuthUserFile /var/www/.htpasswd
AuthType basic
Require valid-user
#deny access to all, allow for selected ip's / domains
Order Deny,Allow
Deny from all
Allow from 123.123.123.123 googlebot.com google.com google-analytics.com
#if any of these rules are satisfied they may proceed
Satisfy Any

]]> http://www.damonky.co.uk/general/conditional-authentication-using-htaccess/feed/ 0