ASchroder.com

This post will describe a simple technique to secure your Magento virtual host with basic HTTP password protection provided by Apache. This can be useful if you want to keep users away from the webstore during development, or if you sell products wholesale and do not want unauthorized users to view your catalog/pricing.

To be very clear from the outset, this technique uses basic HTTP authentication, which if used over HTTP (rather than HTTPS) affords no security for the passwords while they are in transit across the internet. If you are interested, you can learn more about the limitations of basic access authentication. As a simple mechanism for keeping people out of a site, it will do just fine. If you store your nuclear missile access codes in a Magento store database, do not use this technique to protect them, please.

Normally when I’m developing a new site I just use virtual hosting and a modified operating system hosts file to prevent people visiting it while it’s in development. I realize that’s not really security, more obscurity, but it has worked fine for me in the past.

Recently I have had a need to more fully protect a site, but also to make it public via DNS records. In a nutshell the steps required are, configure virtual hosting for your webstore, configure Apache authentication, setup a user/password and reload apache. I’ll run through everything in detail below.
Read more…

I’m writing a full series on setting up your Mac for Magnto ecommerce development, I should probably start with the first step – installing MAMP on a Leopard Mac, even if it’s a quite basic and hopefully self evident.

Maybe one of the less obvious things is that you do not need MAMP pro to get virtual hosting set up in Apache on a Mac, but it will require you to work with Apache config files as described in my post on setting up virtual hosts in apache on MAMP.

Read more…