Forum Discussion

keithkelly
12 months ago

Disabling HTACCESS in Stage?

Our new AzureAD B2C authentication solution needs the SAML metadata to be publicly accessible. The HTACCESS auth prevents this. Whitelisting IPs is a joke because AzureAD uses many large ranges of IPs and it can be any one.

So, we'd like to disable HTACCESS in Stage.  

Notes:

  1. None of our content is publicly accessible - all behind a login.
  2. Registrations are disabled.
  3. Robots.txt is edited w/ nofollow (if that even matters)

Khoros says we'll need to sign a security waiver.  So I'm curious:

  1. Do any of your communities have HTACCESS for Stage disabled?
  2. How do you (or would you) go about making sure it's still secure?

Any insight would be appreciated. We're at our wits' end here.

 

  • Without knowing how the .htaccess rules are written, it seems to me like it would be possible to move the specific path for your SAML Metadata to the allow side of the rules. It's been a couple years since I had to do any Apache config. It might have to go in the config there, vs the actual .htaccess file.

    Regardless, it's certainly possible to configure a "regular" web server to allow a specific path while still requiring basic auth everywhere else.

    Edit: We use Azure B2C as well, with separate configs in Stage and Prod. I don't recall having any issues related to this when we implemented it.
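
The single-path exception described in the reply above, as an added example that is not from the thread or from Khoros's actual configuration. It assumes a self-managed Apache httpd 2.4; the docroot, htpasswd file, and `/saml/metadata` URL are placeholders, since the thread does not give the real ones.

```apache
# Assumptions (not from the thread): Apache httpd 2.4, placeholder
# docroot, htpasswd path, and metadata URL. Substitute your own values.

<Directory "/var/www/stage">
    # Basic auth stays on for the whole stage site.
    AuthType Basic
    AuthName "Stage"
    AuthUserFile "/etc/apache2/stage.htpasswd"
    Require valid-user
</Directory>

# <Location> sections are merged after <Directory>, and with the default
# "AuthMerging Off" this Require replaces the inherited valid-user rule.
# The anchored regex limits the exception to exactly one URL.
<LocationMatch "^/saml/metadata$">
    Require all granted
</LocationMatch>

# Equivalent when only the .htaccess file can be edited:
# flag the one URL, then accept either the flag or a valid login.
#   SetEnvIf Request_URI "^/saml/metadata$" saml_metadata_public
#   <RequireAny>
#       Require env saml_metadata_public
#       Require valid-user
#   </RequireAny>
```

After a reload, an unauthenticated request to the metadata URL should return 200 while any other stage URL still returns 401; checking both confirms the exception did not widen beyond the one path.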