password protect directory during certain hours

Posted on 2003-03-21
Medium Priority
Last Modified: 2012-05-05

I've got a website on apache.  One of my directories is password protected.  I'd like to restrict access during certain hours of the day for specific users.  Any idea how i can do this?

Eg. UserX can only have access between 8am - 1pm.

Question by:alexzaleski
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2

Expert Comment

ID: 8185583

I know for a fact that this can be done with mod_rewrite.  Two server 'variables' are available to the rewrite engine that you would probably be interested in:

TIME_*  (TIME_YEAR, TIME_MON, TIME_DAY, ...)  (obviously these represent time in various aspects)

REMOTE_USER  (this would have the username of the user who had authenticated to your password protected directory).

I would imagine something like this in your httpd.conf or .htaccess file in the password protected directory:

RewriteEngine On
RewriteCond %{TIME_HOUR}%{TIME_MIN} < 0700
RewriteCond %{TIME_HOUR}%{TIME_MIN} > 1900
RewriteCond %{REMOTE_USER} = "user1" [OR]
RewriteCond %{REMOTE_USER} = "user2" [OR]
RewriteCond %{REMOTE_USER} = "user3"
RewriteRule ^.*\.html$ restricted.html

You can probably find all the info you need from these two pages:


The rewriting guide has an example of basically the above.

So you know, I haven't tested this setup. ;)

One other thought...

The Squid proxy server can be run as a 'reverse proxy', meaning it's basically an httpd accelerator.  It has a lot of powerful features to describe when a certain resource is available or not.  You could easily place the squid server logically in 'front' of your apache server, and load both the authentication and time aspects into it.  This also gives you the added bonus of the powerful cacheing engine as well.  Something to think about at least.


Expert Comment

ID: 8185614

an interesting note regarding my rewrite suggestion comes from the rewrite documentation...

There is the special format %{LA-U:variable} for look-aheads which perform an internal (URL-based) sub-request to determine the final value of variable. Use this when you want to use a variable for rewriting which is actually set later in an API phase and thus is not available at the current stage. For instance when you want to rewrite according to the REMOTE_USER variable from within the per-server context (httpd.conf file) you have to use %{LA-U:REMOTE_USER} because this variable is set by the authorization phases which come after the URL translation phase where mod_rewrite operates. On the other hand, because mod_rewrite implements its per-directory context (.htaccess file) via the Fixup phase of the API and because the authorization phases come before this phase, you just can use %{REMOTE_USER} there.

So, if your password protected directory is in the .htaccess file, you're safe.  However, if it's in your httpd.conf file, you're going to need to use %{LA-U:REMOTE_USER} instead.


Author Comment

ID: 8186558
Thanks bobsledbob i'll give that a try. The directory I'm trying to protect is https://mysite.com/safedir

This dir has a .htaccess file in it with the authorized users in the file. Is this where you suggest the Rewrite occur?

The other hack, though much less elegant I thought about was a cronjob that would replace the .htaccess file with the appropriate one when needed and then restore the original when needed.

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Accepted Solution

bobsledbob earned 1000 total points
ID: 8187293

Your rewrite statements could go in either your .htaccess or your httpd.conf file.  If you don't have root access, then you have to put it in your .htaccess file.

Ya, using a cron job would be yucky.  But, it would definetly work.  :)


Author Comment

ID: 8192441
bobsledbob - your suggestion was right on.

Here is the exact syntax I used.
# Redirect demo2 if time before 11am and after 2pm
RewriteEngine on
RewriteCond %{TIME_HOUR}%{TIME_MIN} <1100 [OR]
RewriteCond %{TIME_HOUR}%{TIME_MIN} >1400
RewriteCond %{REMOTE_USER} ^demo2$
RewriteRule ^(.*) http://yahoo.com [L]

Thanks Alex

Expert Comment

ID: 8192686


Looks real good.  Nice job.  Short window of opportunity for demo2 (only 3 hours). ;)

Take care,



Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month8 days, 12 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question