Basic Authentication For Gii

I’m posting this incase it helps someone else. I was able to force basic authentication on Gii by using the following rules in my htaccess file (before the rewrite mod)

SetEnvIfNoCase Request_URI  ^/gii gii_auth=1

AuthName "Gii"

AuthType Basic

AuthBasicProvider file

AuthUserFile "/path/to/.passwd"

Require valid-user

Order Allow,Deny

Allow from all

Deny from env=gii_auth

Satisfy Any

… and my Gii IP filter is set to:




… so now unless someone guesses both, my basic auth username and pass and my gii password I’m screwed, but otherwise I can work with little fear of someone messing with Gii if they find my online dev environment.

My URL Manger currently looks like this: