If you have a development only website then you probably have basic auth over it, just to keep the prying eyes away. It is, however, quite daunting to always OK the many password dialogues. A little rewrite magic helps:

RewriteEngine On
RewriteCond %{HTTP:Authorization} "^Basic dGVzdDp0ZXN0"
RewriteRule ^ - [co=test:test:.development.example.com:1440000:/] [L]

RewriteCond %{HTTP:Authorization} "!^Basic dGVzdDp0ZXN0"
RewriteCond %{HTTP_COOKIE} !(^|\ |;)test=test;
RewriteRule ^ - [R=401,L]
Header always set WWW-Authenticate "Basic realm='development'"

The first two rule will set a cookie if you have supplied user test, password test for basic auth. php -r "print base64_encode('test:test');" is how you generate it. The next rule will throw a 401 if neither password nor cookie is given. The last is not a rewrite rule but a mod_header which will throw a password prompt. There are cookie auth extensions out there but for this simple case this is quite enough.

Update: for your virtual hosts, do not forget

RewriteEngine On
RewriteOptions Inherit

Commenting on this Story is closed.