Use htaccess to restrict based on domain name

Question

I have an application which accepts several urls, and redirects them in the application itself (in PHP)

So www.example.com is the main domain and www.example2014.com is the secondary, which the application deals with internally as www.example.com/2014/

We have added a new domain, and we now need to set up the application to handle it - add pages and content and so on.

How do I restrict www.example2014.com in my htaccess file with a user name and password until the new subdirectory of the app is ready for public consumption?

Answer 1

You can use SetEnvIf along with the Satisfy Any in mod_authz:

SetEnvIfNoCase HOST ^www\.example2014\.com(:80)?$ PROTECTED_HOST

AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=!PROTECTED_HOST

This sets an environment variable "PROTECTED_HOST" if the requested host is www.example2014.com and the auth setup allows all requests to bypass password protecting if the "PROTECTED_HOST" is not set

Answer 2

If you're using httpd 2.2 then Jon Lin's answer is fine.

But if you're using 2.4 then I'd suggest using the following since access control has been entirely redesigned.

AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
<RequireAny>
  Require expr %{HTTP_HOST} =~ /^www\.example2014\.com(:80)?$/i
  Require valid-user
</RequireAny>

Technically the RequireAny block is unnecessary since the default for Require directives not in a container is to behave as if they are in a RequireAny block, but it just makes it easier to read.