Difference between revisions of "How to bypass .htpasswd for certain IPs Apache"

From Brian Nelson Ramblings
Jump to: navigation, search
(Basic Usage)
(Wordpress wp-admin directory)
Line 29: Line 29:
  
 
  <Directory "/var/www/wordpressdomain/wp-admin/">
 
  <Directory "/var/www/wordpressdomain/wp-admin/">
  AuthUserFile /path/to/your/.htpasswd
+
Order deny,allow
  AuthName "Please Log In"
+
Deny from all
  AuthType Basic
+
AuthType Basic
  require valid-user
+
AuthUserFile /path/to/.htpasswd
  Order allow,deny
+
AuthName "Protected Area"
  Allow from xxx.xxx.xxx.xxx
+
require valid-user
  Satisfy any
+
Allow from xxx.xxx.xxx.xxx
 +
SetEnvIf X-FORWARDED-FOR xxx.xxx.xxx.xxx allowed
 +
Allow from env=allowed
 +
  Satisfy Any
 
  </Directory>
 
  </Directory>
  
 
This will protect your admin files from everyone but your ipaddress.
 
This will protect your admin files from everyone but your ipaddress.

Revision as of 03:14, 1 April 2020

How to bypass .htpasswd for certain IPs with Apache

If you would like to setup Apache authentication on your website to block out unwanted users, example a development site with public access and allow your ipaddress to bypass the authentication.

Setting up your .htaccess or vhost configuration file.

Basic Usage

Add the following, with your variables

Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthName "Protected Area"
require valid-user
Allow from xxx.xxx.xxx.xxx
SetEnvIf X-FORWARDED-FOR xxx.xxx.xxx.xxx allowed
Allow from env=allowed
Satisfy Any

You will want to replace the xxx.xxx.xxx.xxx with your ipaddress.

This can be put in your vhost file or .htaccess file.

Wordpress wp-admin directory

Another example would be for wordpress wp-admin folder

<Directory "/var/www/wordpressdomain/wp-admin/">
Order deny,allow
Deny from all
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthName "Protected Area"
require valid-user
Allow from xxx.xxx.xxx.xxx
SetEnvIf X-FORWARDED-FOR xxx.xxx.xxx.xxx allowed
Allow from env=allowed
 Satisfy Any
</Directory>

This will protect your admin files from everyone but your ipaddress.