tags:

views:

428

answers:

2
+1  Q: 

Use HTTP Auth only if accessing a specific domain

I've got several sites: example.com, example1.com, and example2.com. All of them point to my server's /public_html folder, which is my Apache root folder.

What do I need to add to my .htaccess file to use http authentication only if the user is coming from example2.com? example.com and example1.com should NOT use authentication.

I know I need something like

AuthType Basic
AuthName "Password Required"
AuthUserFile "/path/to/.htpasswd"
Require valid-user

But I only want to require a password if the user is visiting example2.com.

Edit

Using an approach suggested in an answer, I have the following in my .htaccess file:

SetEnvIfNoCase Host ^(.*)$ testauth
<IfDefine testauth>
RewriteRule ^(.*)$ index2.php?q=$1 [L,QSA]
</IfDefine>

I know that the mod_setenvif.c module is enabled (I verified with an <IfModule> block), but it would appear that "testauth" is never getting defined, because my test to verify (redirecting to index2.php) is not executing (whereas it was getting executed in my <IfModule> block). Any ideas why?

+1  A: 

You shouldn't be putting per-vhost configuration into .htaccess. Instead, put the config block in the VirtualHost block in the proper config file in /etc/apache/sites-enabled/*.

Martin v. Löwis  2009-08-31 22:02:48
I don't have access to the vhost files, unfortunately. I'm running all this on a shared hosting server through CPanel. =(
Dave DeLong  2009-08-31 22:07:42
+1  A: 

Try this using SetEnvIfNoCase and <IfDefine>:

SetEnvIfNoCase Host ^example2\.com$ auth-req

<IfDefine auth-req>
# …
</IfDefine>
Gumbo  2009-08-31 22:15:56
This looks really promising! I've edited my original question with some more regarding this approach.
Dave DeLong  2009-08-31 23:30:38
As I understood it, the IfDefine has nothing to do with SetEnvIfNoCase. It would have been nice if it had, though, and this was a discussion in the Apache mailing list here (http://archive.apache.org/gnats/3000). Instead, IfDefine is set with the "-D" parameter on loading of Apache, which is set on Ubuntu at least in /etc/apache2/envvars as: export APACHE_ARGUMENTS="-D dev"
Volomike  2009-11-22 20:13:22

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP