How to allow specific ip-addresses to view web-site with fallback to use user-password combination.

  • Fix default magento htaccess
  • Apache Solution
  • Restart Varnish
  • Turpentine Use Case

Apache Solution

Fix default magento htaccess

Find and comment lines, which set up default access for web-site:

############################################
## By default allow all access

    #Order allow,deny
    #Allow from all

Modify htaccess

AuthName "Please log in"
AuthType Basic
AuthUserFile /path/to/.htpasswd
Order deny,allow
Deny from all

SetEnvIF X-Forwarded-For 1.1.1.1 AllowIP
Allow from 1.1.1.1
SetEnvIF X-Forwarded-For 2.2.2.2 AllowIP
Allow from 2.2.2.2

Allow from env=AllowIP
require valid-user
satisfy any

X-Forwarded-For is env-variable, where varnish save real ip address.

Restart Varnish

Varnish caches htaccess, so to apply new htaccess restart Varnish.

Turpentine Use Case

Turpentine default configuration disables Varnish for pages where is Basic Auth.

You need to remove req.http.Authorization from vcl_recv in your Varnish configuration file default.vcl:

if (!true || // req.http.Authorization ||
req.request !~ "^(GET|HEAD)$" ||
req.http.Cookie ~ "varnish_bypass=1") {
return (pipe);
}

Feel informed? I hope so.

Like this article? Share it on Facebook, Twitter, or Linkedin, send a smoke signal or even try some morse code.

I will be glad to answer your questions or get some feedback from you here in comments below.