Apache: password protect directories except from local IPs

We faced the following problem:

1. We want to let our clients test projects on our test web server, using basic HTTP authentication.

2. Users from our local network should not be bothered by the username and password request.

The solution we implemented:

Place a .htaccess file in the webroot of your Apache web server with the following content:

Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthUserFile /path/to/your/webroot/.htpasswd
AuthType Basic
Require valid-user
# localhost: that would be me
Allow from localhost
# suppose the IP range of your local network goes from 192.168.0.2 - 192.168.0.254
Allow from 192.168.0.0/24
# Satisfy Any: a request passes if it matches an Allow rule OR supplies valid credentials
Satisfy Any

Use htpasswd to create the file referenced by AuthUserFile (/path/to/your/webroot/.htpasswd) and create at least one user with a password:

htpasswd -c /path/to/your/webroot/.htpasswd username
# you will be prompted for a password

Remarks:

1. Depending on your local network configuration, you might want to exclude the internal router/gateway IP from the range of IPs (192.168.0.0/24) that do not require authentication.

2. Of course, the Apache virtual host must be configured in such a manner that .htaccess files are evaluated. Take a look at the AllowOverride directive.
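The Order/Deny/Allow/Satisfy directives above are the Apache 2.2 syntax; on Apache 2.4 they are only provided by mod_access_compat. The following is an added example, not part of the original post, of the same policy in the 2.4 Require syntax, including the gateway exclusion from remark 1. The gateway address 192.168.0.1 is an assumption; substitute your own.

```apache
AuthType Basic
AuthName "htaccess password prompt"
AuthUserFile /path/to/your/webroot/.htpasswd

# Access is granted if ANY of the following blocks matches
# (the 2.4 counterpart of "Satisfy Any").
<RequireAny>
    # Requests from the server itself (127.0.0.0/8, ::1)
    Require local

    # Local network, minus the router/gateway (assumed to be 192.168.0.1).
    # "Require not" is only valid inside RequireAll next to a positive rule.
    <RequireAll>
        Require ip 192.168.0.0/24
        Require not ip 192.168.0.1
    </RequireAll>

    # Everyone else must authenticate against the AuthUserFile
    Require valid-user
</RequireAny>
```

With this version a request arriving from the gateway address falls through to `Require valid-user` and gets the password prompt like any external client.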
