Securing Private/Dev Websites

We have many development websites which we want to keep hidden from the public.

Is there a way to do this (through a means other than obfuscation) that we can do this without having to set a server password (Apache server).

The problem we have is many files will sometimes need to look at another file on itself, through external means (because it’s a configurable thing). If the site has a password, then it gets a 401 Unauthorized error when it tries that.

Any ideas or insights?

Thanks.

If I have some development site on a public server, I password protect the site using apache. If you don’t your development site may get indexed by search engines, do you really want your development work to show up in search results somewhere?

You don’t put it onto a public server.
If it needs to be remote, private server with a VPN connection.