Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
htaccess to password protect a specific server
# ----------------------------------------------------------------------
# Password protect staging server
# Use one .htaccess file across multiple environments
# (e.g. local, dev, staging, production)
# but only password protect a specific environment.
# ----------------------------------------------------------------------
SetEnvIf Host passreq
AuthType Basic
AuthName "Password Required"
AuthUserFile /full/path/to/.htpasswd
Require valid-user
Order allow,deny
Allow from all
Deny from env=passreq
Satisfy any
Copy link

elliotlewis commented Dec 10, 2014

@loekwetzels I think you're missing the vital line in there! This password protects the server, spoofing the domain name won't get around that, you'll still need to know the password.

Copy link

Risyandi commented May 19, 2018

Hopefully this is help for my staging / development sites.

Copy link

jan-vodila commented Oct 12, 2019

@elliotlewis - Unfortunately I think that @loekwetzels is right. If you put to your hosts file a record as he describes, then SetEnvIf Host returns FALSE, so env variable won't be passreq. Because my host is omgihazaccess (from @loekwetzels example).

Copy link

JohnnyWalkerDesign commented Apr 7, 2022

I think @jan-vodila and @loekwetzels are right. Probably not a good solution for anything seriously important

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment