OXID e-Commerce Admin, User and Developer Blog

euroblaze | OXID e-Commerce User Blog



Protecting OXID Admin Area with .htaccess Password

Posted on August 20, 2010 by Ashant_Chalasani

Although OXID uses a standard authentication mechanism for protecting the /admin area, it is advisable to additionally apply .htaccess protection.  This will keep hackers (and maybe unscrupulous competitors) out of your OXID-Admin area.

This quick howto helps you set up .htaccess authentication on Linux environments.

2 files are needed for applying .htaccess protection to your shop:

  • The .htaccess file itself
  • A password text file in which the username and encrypted password are stored

OXID Owner Admin .htpasswd, .htaccess File

Step 1

Create a .htaccess file in the /admin folder of your shop (your OXID-Admin area) using touch or vi.  This file should contain the following contents:

AuthName "OXID Admin"
AuthType Basic
AuthUserFile /full/nonweb/directory/.htpasswd
Require valid-user

Step 2

At a location that is not exposed by the web server, for example /full/nonweb/directory/, create the .htpasswd file using the command-line htpasswd tool.  The -c flag creates the file (and overwrites an existing one), so omit it when adding further users later.  The exact command is:

myshell: htpasswd -c /full/nonweb/directory/.htpasswd admin_username

admin_username can usually be left as admin.

You will be prompted after the above shell command to provide a password, and then verify it.

That’s it!  You may now try this out at http://shopurl.com/admin/
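
A check for the setup from Steps 1 and 2, as an added example that is not part of the original post: the shell function below reads the /admin .htaccess, confirms that Basic auth is actually enforced, and verifies that the password file exists, lies outside the web root and is not world-readable. The function names audit_admin_auth and directive_value are chosen here, and the admin directory and web-root paths passed in are assumptions about your installation.

```bash
#!/usr/bin/env bash
# Added example: audit the Basic-auth setup from Steps 1 and 2.
# Usage: audit_admin_auth <admin_dir> <docroot>   (both paths are the caller's assumptions)
# Prints one line per finding and returns the number of problems (0 = clean).

# Print the argument of the first occurrence of a directive, surrounding quotes stripped.
directive_value() {   # $1 = file, $2 = directive name (case-insensitive)
  awk -v d="$2" 'tolower($1) == tolower(d) {
    $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); print; exit }' "$1"
}

audit_admin_auth() {
  local ht pwfile real_pw real_root problems
  ht="$1/.htaccess"; problems=0
  [ -f "$ht" ] || { echo "FAIL: $ht is missing"; return 1; }
  [ "$(directive_value "$ht" AuthType | tr 'A-Z' 'a-z')" = basic ] ||
    { echo "FAIL: AuthType Basic is not set"; problems=$((problems + 1)); }
  [ -n "$(directive_value "$ht" Require)" ] ||
    { echo "FAIL: no Require directive, so nothing is enforced"; problems=$((problems + 1)); }
  pwfile=$(directive_value "$ht" AuthUserFile)
  case $pwfile in
    /*) ;;
    *) echo "FAIL: AuthUserFile '$pwfile' is not an absolute path"; return $((problems + 1)) ;;
  esac
  [ -f "$pwfile" ] || { echo "FAIL: $pwfile does not exist"; return $((problems + 1)); }
  # Resolve symlinked directories so a link cannot hide a file that really lives in the web root.
  real_pw="$(cd "$(dirname "$pwfile")" && pwd -P)/$(basename "$pwfile")"
  real_root=$(cd "$2" && pwd -P)
  case $real_pw in
    "$real_root"/*) echo "FAIL: $pwfile is inside the web root"; problems=$((problems + 1)) ;;
  esac
  # World-readable hashes can be copied by any local account and attacked offline.
  if [ -n "$(find "$pwfile" -perm -004)" ]; then
    echo "WARN: $pwfile is world-readable"; problems=$((problems + 1))
  fi
  # Every non-empty line must have the form user:hash.
  if grep -v '^$' "$pwfile" | grep -qv '^[^:][^:]*:..*'; then
    echo "FAIL: malformed entry in $pwfile"; problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ] && echo "OK: $ht enforces Basic auth against $pwfile"
  return "$problems"
}
```

Run it as audit_admin_auth /path/to/shop/admin /path/to/shop; a return value of 0 means no findings. Basic authentication sends the credentials base64-encoded on every request, so the /admin URL should only be served over HTTPS.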

Simple .htpasswd Password Protection for OXID Shops

Posted on March 29, 2010 by Ashant_Chalasani

If your shop is under development and you’d like to restrict access to it from the public (or search-engine crawlers), you may use .htpasswd Authentication for temporarily locking down your site.

Offering .htpasswd Authentication entails the following steps:

  1. Generate a password file using the htpasswd command, which contains the authorized users and their respective hashed passwords
  2. Place directives in your OXID shop’s .htaccess file to require a match of username/password from this file.

To generate a password file:

# htpasswd -c /home/some_non-www_path/pwd_file admin

Upon running this command, a new password is requested for the user "admin".

Include this block of directives in your OXID Shop's .htaccess file:

AuthUserFile /home/some_non-www_path/pwd_file
AuthGroupFile /dev/null
AuthName "OXID Shop Owner's Area"
AuthType Basic

require user admin

404 Not found oxseo.php

Posted on February 16, 2010 by Ashant_Chalasani

Short of bashing my head against the office wall upon being repeatedly confronted with a 404 Not Found error, I realized that I was using the wrong path for RewriteBase in .htaccess file.  The exact error was:

The requested URL /home/oxid/pubweb/4_2_0/oxseo.php was not found on this server.
Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny4 with Suhosin-Patch Server at 192.168.253.129 Port 80

If anyone faces this on your OXID installations, this could be your fix, too.

We were using:
RewriteBase /home/oxid/pubweb/4_2_0/

Instead we should have been using:
RewriteBase /oxid/

.. where the target URL is http://192.168.253.129/oxid/ (being used to put together a Debian 5.0 Lenny Virtual Machine for OXID 4.2)

Top OXID mod_rewrite, .htaccess Issues on Linux

Posted on November 29, 2009 by Ashant_Chalasani

Before you take off into the glories of e-Commerce with OXID, .htaccess and mod_rewrite configuration issues might sometimes pose small hindrances.  This is a collection of problems that you might encounter, and solutions to them.

RewriteBase in .htaccess

If you are running a shop at a path other than the root web path (ex. http://www.domain.com/), say at http://www.domain.com/shop/, you will have to define the RewriteBase in your shop's .htaccess file.  Add this line:

RewriteBase /path/to/dir/subdir/

Ex. if you are running the shop at http://www.mydomain.com/shop/, then the RewriteBase should be:

RewriteBase /shop/

AllowOverride All

In your Apache server configuration, AllowOverride should be set to All (None by default on most Apache installations).

This helps SEF URLs to work, by allowing URL manipulation in the .htaccess file of your OXID installation.


