Working with HTTP Authentication

By Cory LaViska on April 17, 2019

Some designers use HTTP Authentication to protect certain pages from being accessed without a username and password. This post shows you how to make protected pages load in the editor.

Chain link fenceTo edit pages that are protected by HTTP Authentication, you'll need to tell your server to allow connections from our IP address. If you're using Apache and have access to edit your .htaccess file, the following config should work.

AuthType Basic
AuthName "Please enter your password"
AuthUserFile /path/to/.htpasswd

Require valid-user
Order deny,allow
Deny from all

# Surreal CMS
Allow from 162.243.9.115

Satisfy Any

Load Balancers & Proxies

Some cloud hosting providers use load balancers or proxies that pass their own IP address to the server instead of ours. In this case, there’s usually a header called X-Forwarded-For that stores the requesting IP address.

For these setups, the following configuration should work.

SetEnvIf X-Forwarded-For "162.243.9.115" AllowIP

AuthType Basic
AuthName "Please enter your password"
AuthUserFile /path/to/.htpasswd

Require valid-user
Order deny,allow
Deny from all

Allow from env=AllowIP

Satisfy Any

Notice

Our IP address has changed from version 5 to version 7. The old IP address was 45.55.90.199 and the new IP address is 162.243.9.115.