WebFaction

I've got three types of sites for my project on WebFaction:

  1. production - anyone can access
  2. preview - open only to my team
  3. development - open only to the developers on my team

I'd like to be able to recognize my team and my developers either by IP or by http-auth userid/password - the former for convenience, the latter for access away from the office, etc.

For sanity, I'd like to have the same .htaccess file in all three html/ directories, so that any other tweaks propagate. (I'd prefer to do this via "include" files of some sort, but that's not an option for .htaccess.)

The snippet below handles 1 and 2. I'd appreciate suggestions for how to handle 3 - i.e. content of all three .htaccess files is the same, but "anyone", "team", and "developers" treated differently depending on the domain.

.htaccess snippet

```apache
#note if we're the production server
SetEnvIf Host "production\.mysite\.com" env_production

#Recognize development staff
AuthUserFile /home/mysite/webapps/dev/security/.htpasswd
AuthGroupFile /home/mysite/webapps/dev/security/groups
AuthName "team"
AuthType Basic
Require group team

#you get in if you're not denied OR you're specifically allowed
order deny,allow

#everyone locked out, unless an Allow lets you in or you have a Required password
deny from all

#production server is generally open
allow from env=env_production

#blessed IPs that can always get in
allow from xx.xxx.xx.xxx

#passwords if you're not in so far
Require group development

#if you have a password, we don't care about anything else (and vice versa)
Satisfy Any
```

asked 03 Dec '10, 14:40

cesnn


What is the directory structure and URL structure exactly? Are all 3 groups trying to access the exact same directory? Does each group have its own directory? Do you have multiple sites that you all want to have the same rules and these rules just have 3 levels of user permissions?

You might be able to solve the issue of 1 .htaccess file in more than 1 place with a symbolic link. The symbolic link command is 'ln'. You may not, .htaccess and Apache config files are picky. You might want to submit a support ticket so we can look at how your site(s) are set up in the control panel. Without knowing the exact directory and URL structure it is hard to say what you would need to do.

Personally I would not put these rules in .htaccess but in the program itself. Frameworks like Django have user level permissions built in. Also having auto verification by IP is insecure as anyone can spoof an IP. I would not recommend it solely for ease of use.

answered 03 Dec '10, 17:24

johns

Thanks for the response.

Symbolic link doesn't help much - it saves the trouble of copying the .htaccess file in multiple directories via subversion or the like, but it doesn't address the switches etc. set by the configuration file.

Each of the three apps is a PHP CGI app, so the .htaccess files live in, roughly:

~/webapps/dev/html
~/webapps/preview/html
~/webapps/production/html

What I've sketched above works as far as it goes, but doesn't handle the preview vs. dev access distinction.

Also, AFAIK, there's no good way in .htaccess, in the `<IfModule php5_module>` block, to set a different include_path php_value depending on which directory you're in.

I'm just trying to reduce the chance that I, say, set the php_value session.gc_maxlifetime in dev, but forget to replicate it to preview and production.

Migrating the access control entirely to PHP is probably the best idea, thanks. I'll handle the rest of that via a makefile that combines, say, .htaccess_global_ and .htaccess_production_ in one case, and .htaccess_global_ and .htaccess_dev_ in another, creating the particular .htaccess file each time.


answered 06 Dec '10, 15:04

cesnn
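
The build step described in the answer above, sketched as an added shell example (not the poster's makefile and not WebFaction code): it joins the shared fragment with one environment's fragment and refuses to install a dev or preview file that has no `Require` directive or that contains an unconditional `Allow from all`. The fragment name `.htaccess_preview_`, the source-directory argument and the function name `build_htaccess` are assumptions.

```shell
#!/bin/sh
# Added example: assemble one environment's .htaccess from a shared fragment
# plus an environment-specific fragment, with a fail-closed access check.
#
# build_htaccess SRC_DIR SITE OUT_FILE
#   SRC_DIR holds .htaccess_global_ and .htaccess_<SITE>_ (names as in the
#   post; ".htaccess_preview_" and this directory layout are assumptions).
#   Returns 0 on success, 1 if the access check fails, 2 on a missing fragment.
build_htaccess() {
    src=$1; site=$2; out=$3
    global="$src/.htaccess_global_"
    specific="$src/.htaccess_${site}_"

    for f in "$global" "$specific"; do
        [ -r "$f" ] || { echo "missing fragment: $f" >&2; return 2; }
    done

    # Build into a temp file so a rejected build never replaces a live file.
    tmp="$out.tmp.$$"
    {
        echo "# GENERATED for '$site' - edit the fragments, not this file"
        cat "$global" "$specific"
    } > "$tmp" || return 2

    if [ "$site" != "production" ]; then
        # Restricted sites must demand a login somewhere in the result...
        if ! grep -Eiq '^[[:space:]]*Require[[:space:]]+(group|user|valid-user)' "$tmp"; then
            echo "$site: no Require directive, refusing to install" >&2
            rm -f "$tmp"; return 1
        fi
        # ...and must not carry an unconditional allow.
        if grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all' "$tmp"; then
            echo "$site: contains 'Allow from all', refusing to install" >&2
            rm -f "$tmp"; return 1
        fi
    fi
    mv "$tmp" "$out"
}

# Typical call (paths follow the layout in the post):
#   build_htaccess ./htaccess-src dev "$HOME/webapps/dev/html/.htaccess"
```

The check only looks at directive text, so it catches a fragment copied into the wrong environment but does not evaluate what Apache will actually enforce.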

question asked: 03 Dec '10, 14:40

question was seen: 4,544 times

last updated: 06 Dec '10, 15:04
