1

I would like to add a rule in .htaccess that "Does something" (actually enable a httpauth user restriction) depending on the domain name.

I thought I had it and did:

<IfModule mod_setenvif.c>
    SetEnvIf Host "staging\.(.*)\.ch" HTTPAUTHPROTECT=true
    <IfDefine HTTPAUTHPROTECT>
        # Do something
        # For testing, I used the following line:
        # SetEnvIf Host "staging\.(.*)\.ch" CONDITIONMATCHED=conditionmatched
    </IfDefine>
</IfModule>

On a server that runs with Litespeed, I thought this was working. Maybe I was wrong and the <IfDefine HTTPAUTHPROTECT> part returns true all the time. On another server with Apache (2.4.54), it keeps returning false no matter what the ENV var is set to.

  • I read on SO that on Apache, IfDefine doesn't work that way anyway. Is that true?

  • So is there a way to make such a condition?

PS: I'm not referring to a rewrite rule. The code I want to execute conditionally is:

    AuthType Basic
    AuthName "Login"
    AuthUserFile "/path/to/.htpasswd"
    Require valid-user
Urs
  • 115
  • 3

1 Answers1

1

<IfDefine> is probably not supported by LiteSpeed, so it gets "ignored" and the contents is executed unconditionally (there may be something in the error log).

On Apache <IfDefine> checks server defined variables (eg. with Define <var> or on the Apache command line with -D flag). It does not check against environment variables, hence why the expression is always false on Apache and the contents is never executed.

On Apache, you can use an Apache <If> expression (requires Apache 2.4) and check against the environment variable. For example:

SetEnvIf Host "^staging\..+\.ch$" HTTPAUTHPROTECT=true
<If "reqenv('HTTPAUTHPROTECT') == 'true'">
    AuthType Basic
    AuthName "Login"
    AuthUserFile "/path/to/.htpasswd"
    Require valid-user
</If>

However, I couldn't say for sure whether this would work on LiteSpeed, which tends to more closely match Apache 2.2 in its "Apache" support.

Also, on Apache (but not LiteSpeed), if this is being used in a directory context (eg. .htaccess) and you are also performing URL rewrites (that trigger a "loop" by the rewrite engine) then you might need to check for REDIRECT_HTTPAUTHPROTECT in the <If> expression instead. This is because, any env vars set during the initial phase are renamed with a REDIRECT_ prefix in subsequent passes. (On LiteSpeed, however, env vars set during an earlier phase of processing are simply lost, not renamed.)

Mind you, if this is the only thing you are using the env var for then you could instead check the Host header directly in the <If> expression (no need for an env var). For example:

<If "%{HTTP_HOST} =~ /^staging\..+\.ch$/">
:
MrWhite
  • 12,647
  • 4
  • 29
  • 41
  • 1
    Thank you so much for that complete answer with the background information about the redirects – and the solution that does the trick in even a simpler way. This is absolutely great. Btw it works on our Apache 2.4 as well as on our Litespeed (I don't know the version) servers. THANKS!!! – Urs Sep 15 '22 at 08:00
  • 1
    Litespeed 6.0.12 currently – Urs Sep 15 '22 at 08:34