Can I secure admin with htpasswd?

Egon · May 11, 2019, 8:29pm

Is there a way to secure the admin directory with a htpasswd on top of the phpList login without having to change all the public pages?
When I secure the admin folder the public pages also get secured because various javascript files are loaded from within the admin folder.

Is there a way around this without having to change the public pages completely? Perhaps something for a future phpList version?

erion · May 21, 2019, 9:57am

You can restrict your protection by only *.php files which are required for the process, perhaps adding something like this in your admin’s folder .htaccess may help :

<FilesMatch "\.(php)$">
      AuthName "Member Only"
      AuthType Basic
      AuthUserFile /var/www/html/phplist/public_html/lists/.htpasswd
      require valid-user
</FilesMatch>