Reputation: 2549
How to protect the shop via htaccess?
I wanted to protect a Shopware 6 installation with a htaccess auth protection. But when i set it up in the .htaccess file in the /public folder i always get a "htaccess loop" in the backend (after login) and i can't use it anymore.
I tried to exclude /api and /admin but i am not happy with that.
How can i solve the problem?
/public/.htaccess
AuthName "Prompt"
AuthType Basic
AuthUserFile /home/my-project/.htpasswd
Require valid-user
SetEnvIf REQUEST_URI "(/admin)" ALLOW
SetEnvIf REQUEST_URI "(/api)" ALLOW
<RequireAny>
Require env ALLOW
Require valid-user
</RequireAny>
Upvotes: 4
Views: 1697
Answers (1)
Reputation: 1033
Put this at the beginning of your public/.htaccess file:
AuthType Basic
AuthName "Please login."
AuthUserFile /home/my-project/.htpasswd
<RequireAny>
Require expr %{THE_REQUEST} =~ m#.*?\s+\/api.*?#
Require valid-user
</RequireAny>
// Rest goes here -->
https://issues.shopware.com/issues/NEXT-4243 (German)
Basic translation for non-german users:
Ticket: NEXT-4243 | auth_basic entry blocks backend access
This ticket is not intended for implementation. Therefore it was closed. Reasons that lead to such a decision can include the complexity or the scope of the ticket, as well as possible sources of error caused by the changes. [...] The short-term solution here is not to create the authentication through the hosting configuration, but to create it via htaccess / htpasswd and then not subject requests to the URL "/ api" to the authentication in the htaccess
Upvotes: 4
Related Questions
- Password protection for a single .htaccess rewrite
- how to protect server directory using .htaccess
- Htaccess file to protect files on the server
- How can i protect a URL/Directory in my site?
- Is .htaccess directory restriction enough?
- Correct way to protect .htacces file
- htaccess to provide security
- how i can protect folder in my site by php htaccess
- Protect Apache server
- How can I protect a directory using .htaccess?