Administrator's Guide
Basic authentication establishment (.htaccess)
To better protect your PrestaShop install, we need to establish basic
authentication on the admin directory.
One of the aims of the .htaccess file is to protect a folder and all its
sub-folders. It only works on Apache servers, and a few others. Make
sure your web server is Apache before creating a .htaccess file.
To achieve basic authentication on your admin folder, we need to add a
.htaccess file in that folder (for instance, /var/www/prestashop/admin):
AuthUserFile /var/www/.prestashop_admin
AuthName "Prestashop Admin Access"
AuthType Basic
Require valid-user
Options -Indexes
Explanation:
AuthUserFile: Shows the path to the file containing allowed users and
their passwords. .prestashop_admin is a text file.
AuthName: Defines the message to show when the authentication
window pops up.
AuthType: Defines the authentication type.
Require: Requires users to log in in order to access the content.
valid-user enables multiple users to connect and access the folder.
Options: Defines the folder's options. -Indexes disables automatic
generation of a directory index if no index file is available.
Here is a sample content for the .prestashop_admin file, with a login and a
password:
login1:$apr1$/wJeliK8$e9OzgRaVL8J8wSsFBXjor1
login2:$apr1$yV65Kqqz$cFt3sV2.Q7hhLRRUJDo5a/
This file contains the logins and hashed passwords of the users who are
allowed to access the folder.
To hash a password, you can follow this link: .htpasswd file generation.
It is strongly recommended to put this file in a directory that is
inaccessible to your web applications, so before the /openbase_dir folder.
This prevents .htpasswd file injection in case one of your web applications
is vulnerable.
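One way to check a deployment against the recommendations above, as an added example that is not part of the original guide or of PrestaShop: the script audits a .htaccess for the directives listed in the explanation, flags a password file that sits inside the web root, and validates password entries of the $apr1$ form shown in the sample. The function names, the web root /var/www/prestashop and the WEAK_HTACCESS sample are assumptions made for the illustration.

```python
import os
import re

REQUIRED = ("authname", "authtype", "require")  # Apache directive names are case-insensitive
# login:hash lines in the $apr1$ form of the sample file above; other schemes are reported
APR1_ENTRY = re.compile(r"^[^:\s]+:\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# The .htaccess from the text, and a constructed weak variant for comparison
PAGE_HTACCESS = """AuthUserFile /var/www/.prestashop_admin
AuthName "Prestashop Admin Access"
AuthType Basic
Require valid-user
Options -Indexes
"""
WEAK_HTACCESS = """AuthUserFile /var/www/prestashop/admin/.htpasswd
AuthName "Prestashop Admin Access"
AuthType Basic
Require valid-user
"""


def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument string."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            directives[name.lower()] = args.strip()
    return directives


def audit(htaccess_text, web_root, password_file_text=""):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_htaccess(htaccess_text)
    root = os.path.realpath(web_root)
    findings = [f"missing directive: {n}" for n in REQUIRED if n not in d]
    if "-Indexes" not in d.get("options", "").split():
        findings.append("directory listing not disabled (Options -Indexes)")
    user_file = d.get("authuserfile", "").strip('"')  # assumed to be an absolute path
    if not user_file:
        findings.append("missing directive: authuserfile")
    elif os.path.commonpath([root, os.path.realpath(user_file)]) == root:
        findings.append(f"password file is inside the web root: {user_file}")
    for n, line in enumerate(password_file_text.splitlines(), 1):
        if line.strip() and not APR1_ENTRY.match(line.strip()):
            findings.append(f"password file line {n}: not a login:$apr1$ entry")
    return findings
```

Calling audit(WEAK_HTACCESS, "/var/www/prestashop") reports both the missing Options -Indexes line and the password file placed under the admin folder, while the configuration from the text returns no findings.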
Example: