Difference between revisions of "How to bypass .htpasswd for certain IPs Apache"
From Brian Nelson Ramblings
(Created page with "==How to bypass .htpasswd for certain IPs with Apache== If you would like to setup Apache authentication on your website to block out unwanted user, example a development sit...") |
(→Wordpress wp-admin directory) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==How to bypass .htpasswd for certain IPs with Apache== | ==How to bypass .htpasswd for certain IPs with Apache== | ||
− | If you would like to setup Apache authentication on your website to block out unwanted | + | If you would like to setup Apache authentication on your website to block out unwanted users, example a development site with public access and allow your ipaddress to bypass the authentication. |
Setting up your .htaccess or vhost configuration file. | Setting up your .htaccess or vhost configuration file. | ||
Line 9: | Line 9: | ||
Add the following, with your variables | Add the following, with your variables | ||
− | + | Order deny,allow | |
− | + | Deny from all | |
AuthType Basic | AuthType Basic | ||
+ | AuthUserFile /path/to/.htpasswd | ||
+ | AuthName "Protected Area" | ||
require valid-user | require valid-user | ||
− | |||
Allow from xxx.xxx.xxx.xxx | Allow from xxx.xxx.xxx.xxx | ||
− | + | SetEnvIf X-FORWARDED-FOR xxx.xxx.xxx.xxx allowed | |
+ | Allow from env=allowed | ||
+ | Satisfy Any | ||
You will want to replace the xxx.xxx.xxx.xxx with your ipaddress. | You will want to replace the xxx.xxx.xxx.xxx with your ipaddress. | ||
Line 26: | Line 29: | ||
<Directory "/var/www/wordpressdomain/wp-admin/"> | <Directory "/var/www/wordpressdomain/wp-admin/"> | ||
− | + | Order deny,allow | |
− | + | Deny from all | |
AuthType Basic | AuthType Basic | ||
+ | AuthUserFile /path/to/.htpasswd | ||
+ | AuthName "Protected Area" | ||
require valid-user | require valid-user | ||
− | |||
Allow from xxx.xxx.xxx.xxx | Allow from xxx.xxx.xxx.xxx | ||
− | + | SetEnvIf X-FORWARDED-FOR xxx.xxx.xxx.xxx allowed | |
+ | Allow from env=allowed | ||
+ | Satisfy Any | ||
</Directory> | </Directory> | ||
This will protect your admin files from everyone but your ipaddress. | This will protect your admin files from everyone but your ipaddress. |
Latest revision as of 03:14, 1 April 2020
How to bypass .htpasswd for certain IPs with Apache
If you would like to setup Apache authentication on your website to block out unwanted users, example a development site with public access and allow your ipaddress to bypass the authentication.
Setting up your .htaccess or vhost configuration file.
Basic Usage
Add the following, with your variables
Order deny,allow Deny from all AuthType Basic AuthUserFile /path/to/.htpasswd AuthName "Protected Area" require valid-user Allow from xxx.xxx.xxx.xxx SetEnvIf X-FORWARDED-FOR xxx.xxx.xxx.xxx allowed Allow from env=allowed Satisfy Any
You will want to replace the xxx.xxx.xxx.xxx with your ipaddress.
This can be put in your vhost file or .htaccess file.
Wordpress wp-admin directory
Another example would be for wordpress wp-admin folder
<Directory "/var/www/wordpressdomain/wp-admin/"> Order deny,allow Deny from all AuthType Basic AuthUserFile /path/to/.htpasswd AuthName "Protected Area" require valid-user Allow from xxx.xxx.xxx.xxx SetEnvIf X-FORWARDED-FOR xxx.xxx.xxx.xxx allowed Allow from env=allowed Satisfy Any </Directory>
This will protect your admin files from everyone but your ipaddress.