davidannis Posted May 3, 2014 Share Posted May 3, 2014 I generally follow the pattern of having three versions as I develop a new site. ddd.mydomain.com for active development, ttt.mydomain.com for testing, and www.mydomain.com for a live site. I protect the test site with htaccess. However, when I want to test Paypal IPN integration, I hit a snag because Paypal doesn't understand protected directories, so to test integration I need to either temporarily remove the .htaccess file or send the IPN notification to a different domain on the same server. I don't really like either of these solutions. Is there a way to let Paypal traffic only into an htaccess protected directory? Can I use htaccess for all directories but exempt a single program (my IPN listener)? Does anybody have a better approach? Quote Link to comment Share on other sites More sharing options...
requinix Posted May 3, 2014 Share Posted May 3, 2014 PayPal has a specific set of hostnames it calls from. You can lift the restriction for the right one(s). Quote Link to comment Share on other sites More sharing options...
davidannis Posted May 4, 2014 Author Share Posted May 4, 2014 Sorry to be dense but I still can't get it to work quite the way I want it to. I want anyone to encounter the Auth rule (require a username/password) except paypal. When I try to explicitly allow domains without Auth I can do so, but when I add the Auth those domains are not exempted. Here's the relevant part of my .htaccess file. AuthName "Test Site" AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd" require valid-user <Limit GET> order deny,allow deny from all allow from .paypal.com allow from .lightspeed.lnngmi.sbcglobal.net </Limit> This just denies me from comcast (or any other random domain) and prompts me for a password from .lightspeed.lnngmi.sbcglobal.net. I want it to prompt me for a password from comcast (or any other random domain) but to let me in from .lightspeed.lnngmi.sbcglobal.net or paypal with no password prompt. Also, I managed to put this in the wrong section. It has nothing to do with php configuration. I'd appreciate it if an admin would kindly move it to a more appropriate place. Quote Link to comment Share on other sites More sharing options...
davidannis Posted May 4, 2014 Author Share Posted May 4, 2014 I think I have it fixed. AuthType Basic AuthName "Test Site" AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd" require valid-user order deny,allow deny from all allow from .paypal.com allow from .lightspeed.lnngmi.sbcglobal.net Satisfy Any Allows me in from sbcglobal but prompts me for a password if I delete the line allow from .lightspeed.lnngmi.sbcglobal.net Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.