Apache authentication except localhost

Question

I need to apply HTTP auth just in public use of website, but I don\'t apply it on my localhost. This is the .htaccess that I think should work. But it doesn\'t work

Answer 1

You need to look at the order and satisfy keywords. Working example from my website is below. First we tell that we accept either the IP or USER. Then we define htpasswd file path and that we accept any valid user from that file. Finally we define which client IP addresses can access our web without auth (we deny all other IPs, so that they must auth via htpasswd).

# permit by USER || IP
Satisfy any
# USER
AuthUserFile /var/www/munin/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected Area"
AuthType Basic
require valid-user
# IP
order deny,allow
deny from all
allow from 11.22.33.