Today we had the need to setup a htauth-secured WordPress blog for internal development purposes. We duly protected our web application with the vanilla .htaccess directives:
We were using WordPress to generate RSS data feeds, and were pulling down those feeds into PHPList (we combined the two products using my WP-PHPList WordPress plugin). The problem was, PHPList pulls in RSS feeds via the command line, which (at least out-of-the-box) doesn’t support htauth.
What I needed was a way to force all users to authenticate as normal, EXCEPT certain IPs (like localhost) to whom I’d give unrestricted access.
Some Googling resulted this useful article at AskApache.com, which points out that all I needed was to add:
to my directives, giving me the following:
The solution works perfectly - normal users are forced to authenticate, but PHPList can suck up RSS feeds without a problem.