Today we had the need to setup a htauth-secured WordPress blog for internal development purposes. We duly protected our web application with the vanilla .htaccess directives:
We were using WordPress to generate RSS data feeds, and were pulling down those feeds into PHPList (we combined the two products using my WP-PHPList WordPress plugin). The problem was, PHPList pulls in RSS feeds via the command line, which (at least out-of-the-box) doesn’t support htauth.
What I needed was a way to force all users to authenticate as normal, EXCEPT certain IPs (like localhost) to whom I’d give unrestricted access.
to my directives, giving me the following:
The solution works perfectly - normal users are forced to authenticate, but PHPList can suck up RSS feeds without a problem.