0

I'm trying to protect a single url using htaccess password. (it's my admin page)

After some research, I found (on stackoverflow) the solution : use SetEnvIf to detect the URL and then ask password only when we have the URL.

I tested it but that didn't work : the password was asked everytime. After investigation with my host, it seems they are runnig LITESPEED (and not Apache) and the module SetEnvIf is not activated. As a result, I am stuck... Can I do it differently ?

Mansur Khan
  • 1,675
  • 1
  • 12
  • 24

1 Answers1

1

You can always try doing it manually with PHP. AFAIK no server configuration is necessary.

toon81
  • 868
  • 1
  • 5
  • 13
  • Not what I was thinking first (cause I didn't know about it) but after testing it seems nice and more flexible. THanks, I will use this. Btw, is are htacess and php auth equally secured ? – Mansur Khan Jan 19 '14 at 19:39
  • 1
    Strictly speaking I'd say .htaccess files would be more secure, because that way your PHP code never gets touched if the password is not entered correctly. How much of a difference it makes depends on your PHP code I suppose. The more securely you code, the smaller the difference becomes. – toon81 Jan 19 '14 at 20:37