- Posts: 3
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
How to modify .htaccess to hide whole website behind password?
- sammawatt
- Topic Author
- Offline
- New Member
Less
More
1 year 7 months ago - 1 year 7 months ago #232235
by sammawatt
How to modify .htaccess to hide whole website behind password? was created by sammawatt
Hi,
I installed limesurvey self-hosted on own server. Works so far.
But I want to hide the whole site behind a password using .htaccess: I don't need any users, everyone who has the password can access the system anonymously.
So if you go to the site, you only see a password prompt. Simple as that, nothing else.
I am able to protect sites with a .htaccess like this:
But limesurvey already has a quite large .htaccess file installed:
Can I combine the code and if so, where should I put it?
Greetings
Alex
I installed limesurvey self-hosted on own server. Works so far.
But I want to hide the whole site behind a password using .htaccess: I don't need any users, everyone who has the password can access the system anonymously.
So if you go to the site, you only see a password prompt. Simple as that, nothing else.
I am able to protect sites with a .htaccess like this:
Code:
AuthType Basic AuthName "passwordprotected" AuthUserFile /path/to/file/.htpasswd Require valid-user
But limesurvey already has a quite large .htaccess file installed:
Code:
<IfModule mod_rewrite.c> RewriteEngine on # if a directory or a file exists, use it directly RewriteCond %{REQUEST_FILENAME} !-f # RewriteCond %{REQUEST_FILENAME} !-d # otherwise forward it to index.php RewriteRule . index.php # deny access to hidden files and directories except .well-known RewriteCond %{REQUEST_URI} !^/\.well-known RewriteRule ^(.*/)?\.+ - [F] # deny access to composer.json that is used for remote fingerprinting RewriteRule ^composer.json - [F] </IfModule> # deny access to hidden files and directories without mod_rewrite RedirectMatch 403 ^/(?!\.well-known/)(.*/)?\.+ # General setting to properly handle LimeSurvey paths # AcceptPathInfo on # XSS protection <IfModule mod_headers.c> Header set X-XSS-Protection "1; mode=block" <FilesMatch "\.(svgz?)$"> Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'" </FilesMatch> </IfModule> # Disable Multiviews (issue #16859) <IfModule mod_negotiation.c> Options -MultiViews </IfModule>
Can I combine the code and if so, where should I put it?
Greetings
Alex
Last edit: 1 year 7 months ago by sammawatt.
Please Log in to join the conversation.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
1 year 7 months ago #232242
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic How to modify .htaccess to hide whole website behind password?
You can add your stuff to that htaccess file. Not sure if you really want to protect the whole LimeSurvey installation. All surveys will also be protected by that password.
And not sure what "I don't need any users, everyone who has the password can access the system anonymously." implies. You still will need user accounts to allow access to the backend.
And not sure what "I don't need any users, everyone who has the password can access the system anonymously." implies. You still will need user accounts to allow access to the backend.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Please Log in to join the conversation.
- sammawatt
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
1 year 7 months ago #232289
by sammawatt
Replied by sammawatt on topic How to modify .htaccess to hide whole website behind password?
Thanks, I will try that tomorrow. Adding to end of file or at the beginning makes no difference I guess?
Indeed I want to "hide" the whole installation, only some people should use it.
And of course I have a user for the backend - I just don't need user login on frontend.
All surveys will be anonymously and I don't think anyone will do the survey more than once to cheat.
Indeed I want to "hide" the whole installation, only some people should use it.
And of course I have a user for the backend - I just don't need user login on frontend.
All surveys will be anonymously and I don't think anyone will do the survey more than once to cheat.
Please Log in to join the conversation.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11660
- Thank you received: 2742
1 year 7 months ago #232296
by holch
There is no user login on frontend in Limesurvey. I think that is why Jelo (and I) are a little confused.
You might be fully aware of this, but if you secure the whole Limesurvey installation with a password via .htaccess everyone who should fill in a survey would need to have this password. If this is clear to you, go for it.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic How to modify .htaccess to hide whole website behind password?
I just don't need user login on frontend.
There is no user login on frontend in Limesurvey. I think that is why Jelo (and I) are a little confused.
You might be fully aware of this, but if you secure the whole Limesurvey installation with a password via .htaccess everyone who should fill in a survey would need to have this password. If this is clear to you, go for it.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Please Log in to join the conversation.
- sammawatt
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
1 year 7 months ago #232305
by sammawatt
Replied by sammawatt on topic How to modify .htaccess to hide whole website behind password?
Yes that is exactly what I want - sorry I didn't explain it sufficiently:
Anyone without password can't see anything but a password prompt and doesn't even know limesurvey is there.
All participants of surveys have the password (for very small group, but regular surveys).
Admin needs password as well, and after that can login with own password on backend.
Anyone without password can't see anything but a password prompt and doesn't even know limesurvey is there.
All participants of surveys have the password (for very small group, but regular surveys).
Admin needs password as well, and after that can login with own password on backend.
Please Log in to join the conversation.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11660
- Thank you received: 2742
1 year 7 months ago #232323
by holch
Then you are fine. We just commented on this, because the request is somewhat "different" and we often see in the forum that it is good to ask those things and clarify. But if you are aware that anyone needs to have the password, you are good to go with .htaccess. Good luck.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic How to modify .htaccess to hide whole website behind password?
Yes that is exactly what I want
Then you are fine. We just commented on this, because the request is somewhat "different" and we often see in the forum that it is good to ask those things and clarify. But if you are aware that anyone needs to have the password, you are good to go with .htaccess. Good luck.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Please Log in to join the conversation.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11660
- Thank you received: 2742
1 year 5 months ago #234046
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic How to modify .htaccess to hide whole website behind password?
Congratulations, magajaj330!
You have just won a forum ban for spamming!
You have just won a forum ban for spamming!
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Please Log in to join the conversation.