@joshkoenig
Last active August 29, 2015 14:19
HOWTO: http-auth in PHP
<?php
# Here's how you can implement more nuanced logic for http auth.
# Note: this will not protect direct access to images, css, and js files.
# It will only block access to the site itself.
# It will also mean your site is not cached at the Pantheon edge at all.
#
# TODO: this will also block command-line access. To work around that
# we'd need to add an additional no-op check if the site is being accessed
# via Drush or WP-CLI.
if ($_SERVER['REMOTE_ADDR'] === 'office.ip.address') {
  # This is a no-op: developers from this ip are allowed.
}
# Require both header values to be present, and compare them with
# hash_equals(): constant-time, and no loose-comparison type juggling.
elseif (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) &&
  hash_equals('expected_user', $_SERVER['PHP_AUTH_USER']) &&
  hash_equals('expected_pass', $_SERVER['PHP_AUTH_PW'])) {
  # Also no-op: valid http-auth supplied!
}
else {
  # No auth and no ip. Challenge the user!
  header('WWW-Authenticate: Basic realm="Client Access"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Access to this site requires authentication.';
  exit;
}
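The same gate written as a function, with the TODO's command-line no-op filled in and the password kept as a hash rather than plaintext. This is an added example, not part of the original gist; `client_access_allowed()`, the allowlist address, and the credentials are hypothetical.

```php
<?php
# Added example (not from the original gist). All names and values below are
# hypothetical: client_access_allowed(), the allowlist, and the credentials.

/**
 * Decide whether a request may skip the 401 challenge.
 */
function client_access_allowed(array $server, string $sapi, array $allowed_ips,
                               string $user, string $pass_hash): bool {
  # The TODO case: Drush and WP-CLI run PHP from the command line, which
  # reports the "cli" SAPI. There is no HTTP request and no REMOTE_ADDR.
  if ($sapi === 'cli') {
    return TRUE;
  }
  # Strict (type-safe) match against an allowlist of office addresses.
  if (isset($server['REMOTE_ADDR']) &&
      in_array($server['REMOTE_ADDR'], $allowed_ips, TRUE)) {
    return TRUE;
  }
  # Both Basic auth values must be present before anything is compared.
  if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
    return FALSE;
  }
  # Evaluate both checks before combining them, so a wrong username does not
  # skip the password verification.
  $user_ok = hash_equals($user, $server['PHP_AUTH_USER']);
  $pass_ok = password_verify($server['PHP_AUTH_PW'], $pass_hash);
  return $user_ok && $pass_ok;
}

# Constructed sample values; 203.0.113.10 is a documentation-range address.
# In a real deployment the hash is generated once with password_hash() and
# stored in configuration, not recomputed on every request as it is here.
$allowed_ips = ['203.0.113.10'];
$pass_hash = password_hash('expected_pass', PASSWORD_DEFAULT);

if (!client_access_allowed($_SERVER, PHP_SAPI, $allowed_ips, 'expected_user', $pass_hash)) {
  # No CLI, no allowlisted ip, no valid auth. Challenge the user!
  header('WWW-Authenticate: Basic realm="Client Access"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Access to this site requires authentication.';
  exit;
}
```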