Jump to content


Photo

Password protecting test environment


  • Please log in to reply
3 replies to this topic

#1 davidannis

davidannis

    Freak Dr.

  • Members
  • PipPipPip
  • 588 posts
  • LocationOkemos, MI USA

Posted 03 May 2014 - 03:24 PM

I generally follow the pattern of having three versions as I develop a new site. ddd.mydomain.com for active development, ttt.mydomain.com for testing, and www.mydomain.com for a live site. I protect the test site with htaccess. However, when I want to test Paypal IPN integration, I hit a snag because Paypal doesn't understand protected directories, so to test integration I need to either temporarily remove the .htaccess file or send the IPN notification to a different domain on the same server. I don't really like either of these solutions. Is there a way to let Paypal traffic only into an htaccess protected directory? Can I use htaccess for all directories but exempt a single program (my IPN listener)? Does anybody have a better approach?



#2 requinix

requinix

    Hopeless Member

  • Moderators
  • 5,988 posts
  • LocationWA

Posted 03 May 2014 - 04:21 PM

PayPal has a specific set of hostnames it calls from. You can lift the restriction for the right one(s).
When in doubt, CHECK YOUR ERROR LOG

#3 davidannis

davidannis

    Freak Dr.

  • Members
  • PipPipPip
  • 588 posts
  • LocationOkemos, MI USA

Posted 04 May 2014 - 03:41 PM

Sorry to be dense but I still can't get it to work quite the way I want it to. I want anyone to encounter the Auth rule (require a username/password) except paypal. When I try to explicitly allow domains without Auth I can do so, but when I add the Auth those domains are not exempted. Here's the relevant part of my .htaccess file.

AuthName "Test Site"
AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd"
require valid-user

<Limit GET>
order deny,allow
deny from all
allow from .paypal.com
allow from .lightspeed.lnngmi.sbcglobal.net
</Limit>

This just denies me from comcast (or any other random domain) and prompts me for a password from .lightspeed.lnngmi.sbcglobal.net. I want it to prompt me for a password from comcast (or any other random domain) but to let me in from .lightspeed.lnngmi.sbcglobal.net or paypal with no password prompt.

 

Also, I managed to put this in the wrong section. It has nothing to do with php configuration. I'd appreciate it if an admin would kindly move it to a more appropriate place.



#4 davidannis

davidannis

    Freak Dr.

  • Members
  • PipPipPip
  • 588 posts
  • LocationOkemos, MI USA

Posted 04 May 2014 - 03:56 PM

I think I have it fixed.

AuthType Basic
AuthName "Test Site"
AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd"
require valid-user

order deny,allow
deny from all
allow from .paypal.com
allow from .lightspeed.lnngmi.sbcglobal.net
Satisfy Any

Allows me in from sbcglobal but prompts me for a password if I delete the line

allow from .lightspeed.lnngmi.sbcglobal.net






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com