Jump to content

Password protecting test environment


Recommended Posts

I generally follow the pattern of having three versions as I develop a new site. ddd.mydomain.com for active development, ttt.mydomain.com for testing, and www.mydomain.com for a live site. I protect the test site with htaccess. However, when I want to test Paypal IPN integration, I hit a snag because Paypal doesn't understand protected directories, so to test integration I need to either temporarily remove the .htaccess file or send the IPN notification to a different domain on the same server. I don't really like either of these solutions. Is there a way to let Paypal traffic only into an htaccess protected directory? Can I use htaccess for all directories but exempt a single program (my IPN listener)? Does anybody have a better approach?

Link to comment
https://forums.phpfreaks.com/topic/288220-password-protecting-test-environment/
Share on other sites

Sorry to be dense but I still can't get it to work quite the way I want it to. I want anyone to encounter the Auth rule (require a username/password) except paypal. When I try to explicitly allow domains without Auth I can do so, but when I add the Auth those domains are not exempted. Here's the relevant part of my .htaccess file.

AuthName "Test Site"
AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd"
require valid-user

<Limit GET>
order deny,allow
deny from all
allow from .paypal.com
allow from .lightspeed.lnngmi.sbcglobal.net
</Limit>

This just denies me from comcast (or any other random domain) and prompts me for a password from .lightspeed.lnngmi.sbcglobal.net. I want it to prompt me for a password from comcast (or any other random domain) but to let me in from .lightspeed.lnngmi.sbcglobal.net or paypal with no password prompt.

 

Also, I managed to put this in the wrong section. It has nothing to do with php configuration. I'd appreciate it if an admin would kindly move it to a more appropriate place.

I think I have it fixed.

AuthType Basic
AuthName "Test Site"
AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd"
require valid-user

order deny,allow
deny from all
allow from .paypal.com
allow from .lightspeed.lnngmi.sbcglobal.net
Satisfy Any

Allows me in from sbcglobal but prompts me for a password if I delete the line

allow from .lightspeed.lnngmi.sbcglobal.net

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.