Basic Authentication For Gii

I’m posting this incase it helps someone else. I was able to force basic authentication on Gii by using the following rules in my htaccess file (before the rewrite mod)


SetEnvIfNoCase Request_URI  ^/gii gii_auth=1

AuthName "Gii"

AuthType Basic

AuthBasicProvider file

AuthUserFile "/path/to/.passwd"

Require valid-user

Order Allow,Deny

Allow from all

Deny from env=gii_auth

Satisfy Any

… and my Gii IP filter is set to:


'ipFilters'=>array(

    $_SERVER['REMOTE_ADDR'],

),

… so now unless someone guesses both, my basic auth username and pass and my gii password I’m screwed, but otherwise I can work with little fear of someone messing with Gii if they find my online dev environment.

My URL Manger currently looks like this:




'urlManager'=>array(

    'urlFormat'=>'path',

    'showScriptName'=>false,

    'caseSensitive'=>false,

        'rules'=>array(

            '<controller:\w+>/<id:\d+>'=>'<controller>/view',

            '<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',

            '<controller:\w+>/<action:\w+>'=>'<controller>/<action>',

        ),

),