I am using a 3rd party to handle authentication for me (http://www.janrain.com/) but the problem is I need to lock down my development environment. I added some basic Apache mod_auth to my vhost but now my authentication is failing. I believe it is because the 3rd party sends post request which is not making it due to the HTTP authentication occurring ... ? Can anyone help me (or tell me) how to allow the POST request from the 3rd party to bypass the authentication? I am using Rails if that helps.

Apache VHost Configuration

<Directory /srv/www/dev/current/public>
      AuthType Basic
      AuthUserFile /srv/auth/.htpasswd
      AuthName "Please Authenticate ..."
      Require valid-user
</Directory>

Perhaps you could remove the password protection and use allow/deny instead. Something like...

<Location srv/www/dev/current/public>
    Order deny,allow
    Deny from all
    Allow from 192.168.0.1
    Allow from 192.168.2.2
</Location>

_________________
sleddog

Don't think that will make a difference. I tried adding the domain sending the POST request but that didn't work.

I believe that I have isolated the problem to Apache mod_auth adding session variables with the HTTP username. My application is trying to lookup the user but mod_auth is setting the username to the HTTP authorization username which does not exist in the database.

I posted more details here (still not resolved): http://railsforum.com/viewtopic.php?id=43504