.htaccess to authenticate only outside of the office…
An old tip I had from my goodies bag, saw it the other day so I thought I’d add it here for someone who wants it.
If you’re setting up a server and you want to be able to visit the www served pages without the pestering .htaccess dialogues while at work but still want the minimum security outside the office here’s what I’ve come up with that works just fine! (The method can be a bare minimum strategy when your development/internal server is made public because your IT hasn’t implemented a VPN yet…)
.htaccess content:
order deny,allow
# Lets deny everyone -- its a clean slate!
deny from all
# Now lets make a list of only those we wish to allow access to
# The main office's IP
allow from XXX.XXX.XXX.XXX
# (Remote employees might want to use development servers too!)
allow from YYY.YYY.YYY.YYY
# Don't forget to replace the XXXs and YYYs with your applicable IP addresses.
# Ok -- now that we've placed one criteria - let's see if we can allow access for those not quialified above.
authtype Basic
authuserfile /path/to/htpasswd-file
require valid-user
# Here's the important kicker -- this will make sure at least one of the above is required. You could super-restrict with "satisify all" but that's no fun!
satisfy any
Discussion Area - Leave a Comment