Apache cookie auth for your dev sites

Submitted by nk on Mon, 2008-08-04 07:39.

If you have a development only website then you probably have basic auth over it, just to keep the prying eyes away. It is, however, quite daunting to always OK the many password dialogues. A little rewrite magic helps:

RewriteEngine On
RewriteCond %{HTTP:Authorization} "^Basic dGVzdDp0ZXN0"
RewriteRule ^ - [co=test:test:.development.example.com:1440000:/] [L]

RewriteCond %{HTTP:Authorization} "!^Basic dGVzdDp0ZXN0"
RewriteCond %{HTTP_COOKIE} !(^|\ |;)test=test;
RewriteRule ^ - [R=401,L]
Header always set WWW-Authenticate "Basic realm='development'"

The first two rule will set a cookie if you have supplied user test, password test for basic auth. php -r "print base64_encode('test:test');" is how you generate it. The next rule will throw a 401 if neither password nor cookie is given. The last is not a rewrite rule but a mod_header which will throw a password prompt. There are cookie auth extensions out there but for this simple case this is quite enough.

Update: for your virtual hosts, do not forget

RewriteEngine On
RewriteOptions Inherit

User login

What is OpenID?
Log in using OpenID

No user registration here. Use your DrupalID from drupal.org, for eg. chx@drupal.org