I have a rule in my app (in /.htaccess) that sets a htpassword for access to the site. We need this on the remote server, because we don't want anyone except us seeing it.
However, on the local server, I don't want to deal with the htpassword mess. Is there any way that I can make the rule valid only if the domain isn't "localhost", or something of a similar variety?
I'm using PHP as a backend language, so if there's a way I can solve it with PHP, that would be great.
Thanks for any help in advance.
Edit - The offending code:
authtype basic
authgroupfile /dev/null
authuserfile /path/to/htpassword
authname "Secure Area"
require user username
http://httpd.apache.org/docs/current/howto/auth.html#satisfy
AuthType Basic
AuthName intranet
AuthUserFile /www/passwd/users
AuthGroupFile /www/passwd/groups
Require group customers
Order allow,deny
Allow from internal.com
Satisfy any
RewriteCond %{HTTP_HOST} your_remote_hostname
Add that condition in (obviously replacing the relevant part with your hostname) before the RewriteRule line.
You can use the require directive:
Require all granted Access is allowed unconditionally. Require all denied Access is denied unconditionally. Require env env-var [env-var] ... Access is allowed only if one of the given environment variables is set. Require method http-method [http-method] ... Access is allowed only for the given HTTP methods. Require expr expression Access is allowed if expression evaluates to true.
Some of the allowed syntaxes provided by mod_authz_user, mod_authz_host, and mod_authz_groupfile are:
Require user userid [userid] ... Only the named users can access the resource. Require group group-name [group-name] ... Only users in the named groups can access the resource. Require valid-user All valid users can access the resource. Require ip 10 172.20 192.168.2 Clients in the specified IP address ranges can access the resource.
authtype basic
authgroupfile /dev/null
authuserfile /path/to/htpassword
authname "Secure Area"
require user username
require ip 10.10.10.10