.htaccess basic auth by virtual host?

Question

I was wondering if it was possible to setup a conditional http basic auth requirement based on the virtual host URL in an .htaccess file.

For example what I want t

Answer 1

I had problems implementing Jon's solution: Although I am quite familiar with Apache conf and regular expressions, the authentication always fired. From a quick analyzes it looked like the Allow from env=!PROTECTED_HOST line did not kick in.

But I found another solution that actually looks safer to me:

I created two virtual hosts for the two domains pointing to the same document root (which is fully allowed by the way). In one of the vhosts I added the directives for basic auth (directly into the vhost directive block).

Works like a charm. And I have a better feeling that this is really safe - no risk to overlook any details in the regex pattern that would open up the gates for intruders.

    ServerName www.mysite.com
    DocumentRoot "/path/to/common/doc/root"

    
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    



    ServerName protected.mysite.com
    DocumentRoot "/path/to/common/doc/root"

    
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all

        AuthUserFile /path/to/htpasswd
        AuthName "Password please"
        AuthType Basic
        Require valid-user