Shopware password protection with .htaccess

Preface

If you want to protect directories of your Shopware installation and/or your online store (e.g. the entire Shopware storefront) with HTTP Basic authentication, our instructions will show you how to set this up on your Shopware or Plesk server.


Requirements

  • Shopware installation
  • Plesk Control Panel


Create user name and password (.htpasswd)

In the first step, connect to your Plesk server using SSH and the SSH user associated with the subscription:


ssh musteruser@sXXXXX.creolineserver.com


Now use the following command to create an .htpasswd with the desired user name and password. Replace <domain> with your corresponding subscription and musteruser with the desired user name. Then enter the desired password and confirm your entry by entering the password again:


htpasswd -c /var/www/vhosts/<domain>/.htpasswd musteruser
New password:
Re-type new password:


Customize the .htaccess file in the Plesk Control Panel

First log in via the customer center at account.creoline.com with your access data and log in to the Plesk Control Panel on the desired server. The following help center article shows you how to log in to the Plesk Control Panel: Logging into the Plesk Control Panel


Then select the menu item Files for your Shopware domain to open the document root of your Shopware store.


Plesk Control Panel - Domain Overview](/api/attachments.redirect?id=efdb86b9-189c-4c45-94d9-260a016429b8)


Then click on the .htaccess file in the File Manager to edit it via the Plesk Control Panel and navigate with the cursor to the end of the file so that the changes are inserted below the standard shopware instructions.


Plesk Control Panel - Document-Root


Add the following content to the .htaccess file to ensure that the password protection is only applied to the Shopware storefront, otherwise there will be problems with the administration and Shopware's integrated API. Replace the placeholder <domain> with your corresponding subscription:


AuthName "Administrator's Area"
AuthType Basic
AuthUserFile /var/www/vhosts/<domain>/.htpasswd
require valid-user

SetEnvIf Request_URI /api noauth=1
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>

SetEnvIf Request_URI /admin noauth=1
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>

SetEnvIf Request_URI /product-api noauth=1
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>

SetEnvIf Request_URI /store-api noauth=1
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>


Save the file so that the change takes effect and finally test it with the following calls. Replace musterdomain.tld with the actual domain of the store:


  1. call the Shopware storefront (e.g. https://musterdomain.tld)
  2. call the Shopware admin backend (e.g. https://musterdomain.tld/admin)


You should be prompted to enter a user name and password the first time you call it up.



Similar articles
On this page
Emergency?
In urgent cases, our emergency hotline is available around the clock at +49 2507 900 80 - 34.