0

I am using htaccess to block all access to our dev server with the following code:

AuthType Basic
AuthName "Auth"
AuthUserFile /var/htpasswd
Require valid-user
Order allow,deny
Satisfy any

I have set a variable in Apache httpd.conf called DEV. I am using it for my config files in php but how would I use it only to use the auth when the DEV setting

Jacinto
  • 101
  • It's not clear what you are trying to do. can you paste what you mean by setting a DEV variable in httpd.conf? – Tom May 13 '12 at 06:17
  • I have an environmental variable that I set in httpd.conf called DEV. I want to only require authentication when that variable is set to DEV. Does that make sense? – Jacinto May 13 '12 at 07:14
  • If you paste the full output of what you have set, that might help. (this is probably going to need both the php usage, and what you have done in httpd.conf) – Tom May 13 '12 at 07:20
  • It's likely that there is some "more orthodox" way to achieve what you are referring to, so you might want to state your requirements as well. – Tom May 13 '12 at 07:21
  • What I posted there is my entire htaccess. What I am trying to achieve is to make my dev site protected so that no one can access it. The fastest way I can think of without writing a php auth system was to use the htaccess. however if I just have this code in there then my production site requires a password to. – Jacinto May 13 '12 at 07:43
  • how is the dev site separate from production? are they different subdirectories, or php files? – Tom May 13 '12 at 07:52
  • they are different servers. Thats why I wanted to use the variables. – Jacinto May 13 '12 at 08:01
  • use setenvif. see [a related topic][1] [1]: http://serverfault.com/questions/329372/htaccess-auth-based-on-server-not-client-information/329381#329381 – user237419 May 13 '12 at 08:28

1 Answers1

2

if the request is not for the production environment then request auth. define "any" of these two rules as sufficient 

AuthType Basic
AuthName "Auth"
AuthUserFile /var/htpasswd
allow from env=PRODUCTION
require valid-user
satisfy any
user237419
  • 1,663
  • 8
  • 8
  • that did not work for me. If I create another variable based on the url it works though but is there no way to just use the variable I already have? – Jacinto May 13 '12 at 08:44
  • did you use setenvif to set your DEV variable? I assumed so. also updated my post to explain satisfy directive – user237419 May 13 '12 at 08:49
  • I dont understand I cant just use the variable I set in httpd.conf? – Jacinto May 13 '12 at 09:29
  • well how did you set the variable? normally a user variable is made available through the lifetime of an http request using setenv apache module (within apache config, that is). so how did you set yours cuz i'm curious? – user237419 May 13 '12 at 11:39
  • in httpd.conf I added this `SetEnv ENV dev` – Jacinto May 13 '12 at 18:58
  • When I change the variable to `allow from ENV=DEV` now it password protects but it does this for production to. – Jacinto May 13 '12 at 19:04
  • oh, I get it now. use a PROD env var instead to mark production website with "satisfy any"? so if the request doesn't come market PROD it will request auth. I updated my answer – user237419 May 13 '12 at 19:19