Password protecting .htaccess based on {HTTP_HOST}
Posted by orchardhosting, 05-14-2009, 07:05 AM |
Hi,
We have several sites that run from the same folder using the same code (it's basically a CMS system). We point the domain at this account, and the .htaccess rules will retrieve the correct site files for that domain.
I'd like to restrict some of the sites via password protection in .htaccess, but I can't find a way of doing it based on the domain / http_host.
I.e., if we have two domains, MySite.com and MyPasswordProtectedSite.com (which both point to the same folder on the server), I'd like an .htaccess password box to pop up only when the http_host is MyPasswordProtectedSite.com.
I've been looking at trying to do it with conditional statements in .htaccess but I'm getting nowhere.
Any ideas?
|
Posted by Xeentech, 05-14-2009, 03:40 PM |
You could use the environment variable setting capabilities of RewriteRule to detect the HTTP host and set an environment variable.
Then just do an block later.
|
Posted by xphoid, 05-14-2009, 03:44 PM |
That should work. You could probably reverse the allow/deny logic to only password one host as well.
|
Posted by orchardhosting, 05-15-2009, 05:00 AM |
Thanks guys. This is a great help, I'll let you know how I get on.
Cheers,
Tom
|
Posted by orchardhosting, 05-15-2009, 07:24 AM |
Thanks guys, worked a treat.
And I learnt something very useful.
|
Posted by TrueHacker, 05-15-2009, 03:30 PM |
Yes. Thanks. I was able to implement this as well.
|
Posted by orchardhosting, 05-18-2009, 12:50 PM |
Hi again,
I've run into another problem with this setup: how can I have multiple AuthUser files based on the domain?
Currently have the following code:
But AuthName, AuthUserFile is always the last instance in the .htaccess file. Is there any way around this?
|
Posted by orchardhosting, 05-21-2009, 06:37 AM |
Sorry to bump, but desperate for a solution and having no success? Any ideas at all welcome!
Tom
|
Posted by foobic, 05-21-2009, 08:34 AM |
Tricky. I have two ideas, but I suspect you won't like either.
1) Use a single AuthUserFile and enforce usernames in the form site1.fred, site2.joe etc.
2) Put each site in a separate directory with its own .htaccess (or preferably give each one its own vhost with a separate document_root). Then to avoid duplicating all the files, symlink your cms directory in each one.
|
Posted by orchardhosting, 05-27-2009, 04:04 AM |
Thanks Foobic, I'll give it a go, but you're right, I don't like either.
I don't think 2) is possible as they have to run from the same index.php file and therefore directory?
|
Posted by foobic, 05-27-2009, 04:13 AM |
Hey, we can't always get what we want.
I guess with (2) the question is why must they all run from the same directory? If it's just to reduce disk space and simplify updates then symlinking duplicate directories might give you the same benefits.
Alternative thought about (1): fred@site1, joe@site2 etc, as used in many other similar situations for virtual users.
|
Posted by orchardhosting, 06-02-2009, 09:56 AM |
Hi foobic,
Thanks for your continuing efforts.
2) isn't a possible solution as the system works from a central index.php file and a monster .htaccess that goes off and fetches different images and css files depending on site names etc.
Also, I'd get killed if I tried to change that system.
I'm still a little confused about 1) - you mention using different usernames based on the domain, which I understand, but how could you stop a username and password from one domain working on another site?
|
Posted by foobic, 06-02-2009, 10:15 AM |
Good question. I guess you could add a simple check in your CMS to verify that the domain part of REMOTE_USER matches HTTP_HOST. Begs the question though: Why don't you just let the CMS handle all this authentication? (as most of them do already)
|
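The check foobic describes above (the domain part of REMOTE_USER must match HTTP_HOST), as an added example that is not part of the thread. It assumes user names of the form name@domain, where the domain is the site's full host name; the function names and the protected-host list are hypothetical.

```php
<?php
// Added example (not from the thread). Assumes user names of the form
// "name@domain" in one shared AuthUserFile; Apache has already checked the password.

// Lowercase the host, drop any port and trailing dot, so comparisons are exact.
function normalize_host(string $host): string
{
    $host = strtolower(trim($host));
    $host = preg_replace('/:\d+$/', '', $host);
    return rtrim($host, '.');
}

// True only when the domain part of the authenticated user equals the requested host.
function user_matches_host(string $remoteUser, string $httpHost): bool
{
    $at = strrpos($remoteUser, '@');
    if ($at === false || $at === 0) {
        return false; // not authenticated, no domain part, or empty name before "@"
    }
    $userDomain = normalize_host(substr($remoteUser, $at + 1));
    return $userDomain !== '' && $userDomain === normalize_host($httpHost);
}

// Public hosts pass through; protected hosts need a user from the same domain.
function request_allowed(array $server, array $protectedHosts): bool
{
    $host = normalize_host($server['HTTP_HOST'] ?? '');
    if ($host === '') { return false; } // fail closed when there is no Host header
    if (!in_array($host, $protectedHosts, true)) {
        return true;
    }
    return user_matches_host($server['REMOTE_USER'] ?? '', $host);
}

// Constructed sample requests, printed when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $protected = ['mypasswordprotectedsite.com'];
    $samples = [
        ['HTTP_HOST' => 'mysite.com'],
        ['HTTP_HOST' => 'MyPasswordProtectedSite.com:80', 'REMOTE_USER' => 'fred@mypasswordprotectedsite.com'],
        ['HTTP_HOST' => 'mypasswordprotectedsite.com', 'REMOTE_USER' => 'joe@othersite.com'],
        ['HTTP_HOST' => 'mypasswordprotectedsite.com'],
    ];
    foreach ($samples as $s) {
        echo json_encode($s), ' => ', request_allowed($s, $protected) ? 'allow' : 'deny', PHP_EOL;
    }
}
```

In the shared index.php this would run before any site content is selected, passing `$_SERVER` and sending a 403 when `request_allowed` returns false.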