-1

I'm trying to develop, test, and debug a website's CSS, and PHP code, and block the public from seeing any of the websites pages (by redirecting them to a parked "maintenance" page), while the site is still being developed. This site is NOT a WordPress site, so the problem is NOT solvable by simply applying a plugin. However it may be solvable by using .htaccess, if it's configured correctly.

I'm using the following code in the.htaccess file in the root of my websites tree:

<IfModule mod_rewrite.c>

# Allow the developer(s) (set to example.com's IP address for demonstration purposes) access to the website, via their IP address. #
RewriteCond %{REMOTE_ADDR} !^(93\.184\.216\.34)

# Allow users access to the directory containing the pages that handle HTTP error codes. #
RewriteCond %{REQUEST_URI} !^.*\/(error_documents)\/.+$ [NC]

# Allow users access to the parked "maintenance" page (duh!). #
RewriteCond %{REQUEST_URI} !^.*\/park\/index\.php$ [NC]

# During development and maintenance periods, redirect all others to the parked "maintenance" page. #
RewriteRule .* /park/index.php [R=302,L]

</IfModule>

Now, this works perfectly fine for it's intended purpose, but now I have (2) new problems:

In order to solve these (2) problems, the following has to be accomplished:

  • Figure out the HTTP_USER_AGENT string the aforementioned (2) services are using, to access the website, and specifically allow those user agents (i.e. In consistency with the .htaccess code block, above, check that the request is NOT coming from those (2) services. If it is, then be sure NOT to redirect them to the parked "maintenance" page).

To give you an initial starting-point clue, that directive might look a little something like this:

RewriteCond %{HTTP_USER_AGENT} !^GoogSDTT
RewriteCond %{HTTP_USER_AGENT} !^W3CValidator
James Anderson Jr.
  • 760
  • 1
  • 8
  • 26

1 Answers1

-1

I found the answer to my question (with a little bit of online research):

With help from this page, and this page, from whatismybrowser.com, I was able to come up with the following .htaccess directive:

<IfModule mod_rewrite.c>

# Allow the developer(s) (set to example.com's IP address for demonstration purposes) access to the website, via their IP address. #
RewriteCond %{REMOTE_ADDR} !^(93\.184\.216\.34)

# Allow access from [ Google Structured Data Testing Tool ]. #
RewriteCond %{HTTP_USER_AGENT} !^.*(Google\-Structured\-Data\-Testing\-Tool).*$ [NC]

# Allow access from [ W3C Markup Validation Service ]. #
RewriteCond %{HTTP_USER_AGENT} !^.*(W3C_Validator|Validator\.nu\/LV).*$ [NC]

# Allow access from [ W3C CSS Validation Service ]. #
RewriteCond %{HTTP_USER_AGENT} !^.*(W3C_CSS_Validator).*$ [NC]

# Allow users access to the directory containing the pages that handle HTTP error codes. #
RewriteCond %{REQUEST_URI} !^\/(error_documents)\/.*$ [NC]

# Allow users access to the parked "maintenance" page (duh!). #
RewriteCond %{REQUEST_URI} !^\/park\/index\.php$ [NC]

# During development and maintenance periods, redirect all others to the parked "maintenance" page. #
RewriteRule .* /park/index.php [R=302,L] 

</IfModule>

Please, let me know if I missed something, or if there is an error in my code.

Regards,

PS: And, no, I’m not worrying about someone spoofing the HTTP_USER_AGENT string, because this is meant to keep “normal” people from viewing the site. Others would eventually find some way to hack their way in, regardless of how many preventative security measures I take, and no matter how proactive I try to be. My father always warned me, “A thief can steal the salt out of a biscuit, and not even break the crust, ” and “Locks are only for honest people,” So I took heed to his advise, and don't worry so much about hackers anymore. Besides, even if they DO get in, what's the worst that can happen? They see a broken, or unfinished website?

James Anderson Jr.
  • 760
  • 1
  • 8
  • 26