How to bypass .htpasswd for certain IPs Apache

From Brian Nelson Ramblings
Revision as of 03:11, 1 April 2020 by Brian (Talk | contribs) (Basic Usage)

Jump to: navigation, search

How to bypass .htpasswd for certain IPs with Apache

If you would like to setup Apache authentication on your website to block out unwanted users, example a development site with public access and allow your ipaddress to bypass the authentication.

Setting up your .htaccess or vhost configuration file.

Basic Usage

Add the following, with your variables

Order deny,allow Deny from all AuthType Basic AuthUserFile /path/to/.htpasswd AuthName "Protected Area" require valid-user Allow from SetEnvIf X-FORWARDED-FOR allowed Allow from env=allowed Satisfy Any

You will want to replace the with your ipaddress.

This can be put in your vhost file or .htaccess file.

Wordpress wp-admin directory

Another example would be for wordpress wp-admin folder

<Directory "/var/www/wordpressdomain/wp-admin/">
  AuthUserFile /path/to/your/.htpasswd
  AuthName "Please Log In"
  AuthType Basic
  require valid-user
  Order allow,deny
  Allow from
  Satisfy any

This will protect your admin files from everyone but your ipaddress.