Protecting OXID Admin Area with .htaccess Password
Although OXID uses a standard authentication mechanism for protecting the /admin area, it is advisable to additionally apply .htaccess protection. This will keep hackers (and maybe unscrupulous competitors) out of your OXID-Admin area.
This quick howto helps you set up .htaccess authentication on Linux environments.
Two files are needed for applying .htaccess protection to your shop:
- The .htaccess file itself
- A password text file in which the username and encrypted password are stored
Step 1:
Create a .htaccess file using touch or vi and place it in your OXID-Admin area. This file should contain the following contents:
AuthName "Section Name"
AuthType Basic
AuthUserFile /full/nonweb/directory/.htpasswd
Require valid-user
Step 2:
At a location that is not exposed by the web server, for example /full/nonweb/directory/, create the .htpasswd file using the command-line htpasswd tool. The exact command (the -c option creates the file) is:
myshell: htpasswd -c /full/nonweb/directory/.htpasswd admin_username
admin_username can usually be left as admin.
You will be prompted after the above shell command to provide a password, and then verify it.
That’s it! You may now try this out at http://shopurl.com/admin/
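To confirm that the two files from the steps above ended up where they should, the following added example (not part of the original howto) audits an .htaccess file: it checks that AuthUserFile is an absolute path, that the password file exists, that it lies outside the document root, and that it is not world-readable. The function names check_htaccess and resolve_dir and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the AuthUserFile referenced by an .htaccess file.
# Usage: check_htaccess /path/to/admin/.htaccess /path/to/document/root
# Return codes (convention chosen for this example):
#   0 ok, 1 AuthUserFile missing or relative, 2 password file not found,
#   3 password file inside the document root, 4 password file world-readable

resolve_dir() {
    # Print the physical (symlink-free) path of a directory.
    (cd "$1" 2>/dev/null && pwd -P)
}

check_htaccess() {
    htaccess=$1
    docroot=$(resolve_dir "$2") || { echo "bad document root: $2"; return 1; }

    # Take the first AuthUserFile directive (names are case-insensitive)
    # and strip the directive name and any surrounding quotes.
    pwfile=$(awk 'tolower($1) == "authuserfile" {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/"/, ""); print; exit
    }' "$htaccess")

    case $pwfile in
        /*) ;;
        *) echo "AuthUserFile missing or not an absolute path"; return 1 ;;
    esac
    [ -f "$pwfile" ] || { echo "password file not found: $pwfile"; return 2; }

    # Compare resolved directories so symlinks cannot hide a web-exposed path.
    pwdir=$(resolve_dir "$(dirname "$pwfile")")
    case $pwdir/ in
        "$docroot"/*) echo "password file is inside the document root"; return 3 ;;
    esac

    # The file only needs to be readable by its owner and the web server's group.
    if [ -n "$(find "$pwfile" -prune -perm -004)" ]; then
        echo "password file is world-readable: $pwfile"
        return 4
    fi
    echo "ok: $pwfile"
}
```
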

euroblaze is a German e-Commerce company that specializes in delivering end-to-end
Web-Solutions for online merchants. We are experts and a Certified Solution Partner for the
cutting-edge, robust, modular and beautiful OXID e-Sales platform.
