I helped deploy a Magento store today, but the client did not have all the prod­ucts entered in the data­base, and won’t be ready to launch that part of the site for another month. So they wanted a “Com­ing Soon!” splash page to be at the sub­di­rec­tory where the store is and pass­word pro­tect every­thing else. To do that I had to recon­fig­ure the .htac­cess file.

First I needed to chage the default index file. That’s sim­ple. Change…

DirectoryIndex index.php


DirectoryIndex index.html

Next I needed to pass­word pro­tect the site. That accom­plished by using htpass­word to setup the users and groups, fol­lowed by adding the fol­low­ing direc­tives to the end of the .htac­cess file.

AuthType Basic
AuthName "protected area"
AuthUserFile /home/68571/.htpasswd
AuthGroupFile /home/68571/.htgroup
Require group group
Require user username

That will pass­word pro­tect every­thing. Finally, I need to allow the index.html file for the splash page.

<FilesMatch "^$|store|index.html">
  Allow from all
  Satisfy any

The first regex will match against “subdir/”, the sec­ond regex matches “sub­dir”, and the third matches “subdir/index.html”. That’s it.

2 Responses to “Use .htaccess To Password Protect All But The Index File”

  1. Mark said on July 26th, 2010 at 6:39 am:

    Hi Brian,

    This way you will not be able to browse the store, also not when explic­itly open­ing index.php, because you will always be get­ting back to index.html.

    Is there a way to be able to browse, so use, the store but only after login/password autor­iza­tion? This way out­side pub­lic can­not enter and you can work on your shop until ready.


  2. Brian said on July 26th, 2010 at 12:01 pm:

    Hey Mark,

    The explicit use of index.php is by design. At the time, since the site was under con­struc­tion, the client did not mind using index.php as long as it was removed at launch.

    If you just want to pass­word pro­tect the store with no splash page, just leave “Direc­to­ryIn­dex index.php” alone. Don’t change it to index.html and that should do it, I think.