And above all, Google & Co. should definitely not look at such a test environment. A robots.txt would be a possibility, but protection via a .htpasswd file at Apache level is more secure. I will show you how you can give direct access to your IP address. This is useful if you have a fixed IP at work or if you are connected to work from home via VPN. Of course, this can also be combined with conventional password protection if the customer also needs access.
You could just add the following lines to the end of your .htaccess file. In this case, the intended environment develop.example.org is protected from access. If the same file is on the live system at example.org, there is no protection there.
### Begin: HTTP authentication ### <Files ~ "^\.(htaccess|htusers|htpasswd)$"> Require all denied </Files> SetEnvIf Host ".\..*" auth=1 # Host to protect (multiple lines with different hosts are possible) SetEnvIf Host "develop.example.org" !auth AuthType Basic AuthName "Development system" # The path must be an existing absolute path AuthUserFile /absolute/path/.htpasswd <RequireAny> Require env auth Require valid-user # IP address of you Require ip 123.456.789.123 </RequireAny> ### End: HTTP authentication ###
Tip: If you want to create a .htusers or .htpasswd file, the .htpasswd generator, for example, will help you. You can then save the content in a file under "/absolute/path/.htpasswd".