Magento – EDIT: How to protect index.php/admin url using htaccess

Tags: .htaccess, magento-1.9, password, url

As accurate answers are still not showing up, I had to take the alternative of removing index.php from http://example.com/index.php/admin

Below is my code at the top of the .htaccess file:

RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} !^/index.php/admin/
RewriteRule ^index.php/(.*) $1 [R=301,QSA,L]

I have written the code below at the bottom of the .htaccess file:

<Files admin>
    AuthUserFile /var/www/magento/.htpasswd
    AuthName "Private access"
    AuthType Basic
    require user dummyuser
</Files>

Problem: Currently it successfully blocks the URL http://example.com/admin but not http://example.com/index.php/admin.

Also, index.php is removed from http://example.com/index.php/admin but not from http://example.com/index.php/admin/ (with a trailing /).

I am using Magento 1.9.2.4.

Best Answer

You should be able to do this using the combination of mod_env and the Satisfy any directive. You can use SetEnvIf to check against the Request_URI, even if it's not a physical path. You can then check if the variable is set in an Allow statement. So either you need to log in with a password, or the Allow lets you in without a password:

# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/index.php/admin require_auth=true

# Auth stuff
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic

# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
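
The same either-or logic written in Apache 2.4 authorization syntax, as an added example that is not part of the original answer. It assumes mod_setenvif and mod_authz_core are loaded; the widened pattern, which flags /admin as well as /index.php/admin, is an assumption based on the two URLs named in the question, and the htpasswd path is the one used in the answer.

```apache
# Added example (not from the original answer): Apache 2.4 equivalent of the
# Order/Deny/Allow + "Satisfy any" block, without relying on mod_access_compat.

# Flag both spellings of the admin route from the question:
#   /admin, /admin/..., /index.php/admin, /index.php/admin/...
# The dot is escaped and the (/|$) suffix stops look-alike paths such as
# /administrator from being flagged. Pattern is an assumption, adjust it if
# the admin route has a different name.
SetEnvIf Request_URI "^/(index\.php/)?admin(/|$)" require_auth=true

AuthType Basic
AuthName "Password Protected"
# Path taken from the answer; keep this file outside the document root.
AuthUserFile /var/www/htpasswd

<RequireAny>
    # 1. Requests that were not flagged pass without credentials.
    <RequireAll>
        Require all granted
        Require not env require_auth
    </RequireAll>
    # 2. Flagged requests must present a valid login.
    Require valid-user
</RequireAny>
```

After deploying, request each admin URL variant without credentials and confirm that every one returns 401, while a storefront URL still returns 200.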