Don't use htpasswd if coming from local host

Question

I have a development site that, for an additional layer of protection to keep preying eyes away, I have behind a htpasswd file. However, I'm getting tired of typing in the username and password when I'm running test on the server. So I thought it would be cool if I could check to see if the REMOTE_ADDR = the Server's IP, to skip those lines in the htaccess file by doing the following

RewriteEngine on

RewriteCond %{REMOTE_ADDR} ^127.0.0.1 [OR]
RewriteCond %{REMOTE_ADDR} ^192.168.1.25
RewriteRule ^(.*)$ - [S=5]

AuthName "Protected Folder"
AuthType Basic
AuthUserFile /var/www/html/develSite/.htpasswd
Require valid-user

however, it is not skipping over the lines and thus prompting me still. I was hoping someone might lead me to what is missing.

score 9 · Accepted Answer · answered Sep 24 '09 at 16:33

9

Insted of mod_rewrite, you need to use the Satisfy directive:

Require valid-user
Allow from 127.0.0.1, 192.168.1.25
Satisfy Any

answered Sep 24 '09 at 16:33

hdanniel

4,253
22
25

1

works with one minor correction; ips needed to be seperated by a space not a comma. thanks – Scott Sep 24 '09 at 17:48

Don't use htpasswd if coming from local host

1 Answers1