HTTP Basic Authentication unless accessing from specified IP address

Posted on 10 April 2014
1 minute read

I have a portal site providing quick links to public, private and development projects. I wanted to access this without hindrance from my internal network and one other specified IP address, but also wanted to be able to access this site from anywhere else on the internet, but to keep the access private. A .htaccess file and Basic HTTP Authentication can be combined to specify an IP address to allow access straight through, and to require login credentials for all other access.

# Deny all access
Order deny,allow
Deny from all

# Use Basic HTTP Authentication
AuthType Basic
AuthName "My protected site"
AuthUserFile /path/to/your/.htpasswd
Require valid-user

# Define specific IP address(es) to allow access without requiring login
Allow from 192.168.0.0/16

Satisfy Any

Save this file as .htaccess in the root dir of the site you wish to protect and create your .htpasswd file:

htpasswd -c -s /path/to/your/.htpasswd myusername

Enter your password then confirm the password when prompted in the console.

Test by accessing the site from the internal network, which should allow access immediately. Test from an external location which should then prompt for a username and password and if correctly supplied, allow access.