Some designers use HTTP Authentication to protect certain pages from being accessed without a username and password. This post shows you how to make protected pages load in the editor.

To edit pages that are protected by HTTP Authentication, you'll need to tell your server to allow connections from our IP address. If you're using Apache and have access to edit your .htaccess file, the following config should work.

AuthType Basic
AuthName "Please enter your password"
AuthUserFile /path/to/.htpasswd

Require valid-user
Order deny,allow
Deny from all

# Surreal CMS
Allow from 162.243.9.115

Satisfy Any

---

Load Balancers & Proxies

Some cloud hosting providers use load balancers or proxies that pass their own IP address to the server instead of ours. In this case, there’s usually a header called X-Forwarded-For that stores the requesting IP address.

For these setups, the following configuration should work.

SetEnvIf X-Forwarded-For "162.243.9.115" AllowIP

AuthType Basic
AuthName "Please enter your password"
AuthUserFile /path/to/.htpasswd

Require valid-user
Order deny,allow
Deny from all

Allow from env=AllowIP

Satisfy Any

---