Disabling HTACCESS in Stage?

Question

Our new AzureAD B2C authentication solution needs the the SAML metadata to be publicly accessible. The HTACCESS auth prevents this. Whitelisting IP's is a joke because AzureAD uses many large ranges of IPs and it can be any one.

So, we'd like to disable HTACCESS in Stage.

Notes:

None of our content is publicly accessible - all behind a login.
Registrations are disabled.
Robotx.txt is edited w/ nofollow (if that even matters)

Khoros says we'll need to sign a security waiver. So I'm curious:

Do any of your communities have HTACCESS for Stage disabled?
How do you (or would you) go about making sure it's still secure?

Any insight would be appreciated. We're at our wits end here.

drew_c · Answer

Without knowing how the .htaccess rules are written, it seems to me like it would be possible to move the specific path for your SAML Metadata to the allow side of the rules. It's been a couple years since I had to do any Apache config. It might have to go in the config there, vs the actual .htaccess file.

Regardless, it's certainly possible to configure a "regular" web server to allow a specific path while still requiring basic auth everywhere else.

Edit: We use Azure B2C as well, with separate configs in Stage and Prod. I don't recall having any issues related to this when we implemented it.

Forum Discussion

Disabling HTACCESS in Stage?

Related Content

Stage SDK Changes?

How to disable Angular

Force/trigger a SASS precompile at Stage?

Disable Float functionality

How to call API to autenticate with HTAccess

Recent Discussions

Boosting a User

Google Tag Manager and Google Analytics Setup in Aurora platform

In Aurora, add additional <script> and <meta> tags

Incremental data for attachments in messages and replies

Incremental data for users data