Use .htaccess To Password Protect All But The Index File
Posted July 31st, 2009 in SoftwareTags: Apache, Software
I helped deploy a Magento store today, but the client did not have all the products entered in the database, and won’t be ready to launch that part of the site for another month. So they wanted a “Coming Soon!” splash page to be at the subdirectory where the store is and password protect everything else. To do that I had to reconfigure the .htaccess file.
First I needed to chage the default index file. That’s simple. Change…
DirectoryIndex index.php
to…
DirectoryIndex index.html
Next I needed to password protect the site. That accomplished by using htpassword to setup the users and groups, followed by adding the following directives to the end of the .htaccess file.
AuthType Basic AuthName "protected area" AuthUserFile /home/68571/.htpasswd AuthGroupFile /home/68571/.htgroup Require group group Require user username
That will password protect everything. Finally, I need to allow the index.html file for the splash page.
<FilesMatch "^$|store|index.html"> Allow from all Satisfy any </FilesMatch>
The first regex will match against “subdir/”, the second regex matches “subdir”, and the third matches “subdir/index.html”. That’s it.
Hi Brian,
This way you will not be able to browse the store, also not when explicitly opening index.php, because you will always be getting back to index.html.
Is there a way to be able to browse, so use, the store but only after login/password autorization? This way outside public cannot enter and you can work on your shop until ready.
Mark
Hey Mark,
The explicit use of index.php is by design. At the time, since the site was under construction, the client did not mind using index.php as long as it was removed at launch.
If you just want to password protect the store with no splash page, just leave “DirectoryIndex index.php” alone. Don’t change it to index.html and that should do it, I think.