back to phpList.org

Can I secure admin with htpasswd?

development
Tags: #<Tag:0x00007fb23a6e0340>

#1

Is there a way to secure the admin directory with a htpasswd on top of the phpList login without having to change all the public pages?
When I secure the admin folder the public pages also get secured because various javascript files are loaded from within the admin folder.

Is there a way around this without having to change the public pages completely? Perhaps something for a future phpList version?


#2

You can restrict your protection by only *.php files which are required for the process, perhaps adding something like this in your admin’s folder .htaccess may help :

<FilesMatch "\.(php)$">
      AuthName "Member Only"
      AuthType Basic
      AuthUserFile /var/www/html/phplist/public_html/lists/.htpasswd
      require valid-user
</FilesMatch>