Hi,
I installed limesurvey self-hosted on own server. Works so far.
But I want to hide the whole site behind a password using .htaccess: I don't need any users, everyone who has the password can access the system anonymously.
So if you go to the site, you only see a password prompt. Simple as that, nothing else.
I am able to protect sites with a .htaccess like this:
Code:
AuthType Basic
AuthName "passwordprotected"
AuthUserFile /path/to/file/.htpasswd
Require valid-user
But limesurvey already has a quite large .htaccess file installed:
Code:
<IfModule mod_rewrite.c>
RewriteEngine on
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
# RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
# deny access to hidden files and directories except .well-known
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*/)?\.+ - [F]
# deny access to composer.json that is used for remote fingerprinting
RewriteRule ^composer.json - [F]
</IfModule>
# deny access to hidden files and directories without mod_rewrite
RedirectMatch 403 ^/(?!\.well-known/)(.*/)?\.+
# General setting to properly handle LimeSurvey paths
# AcceptPathInfo on
# XSS protection
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
<FilesMatch "\.(svgz?)$">
Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'"
</FilesMatch>
</IfModule>
# Disable Multiviews (issue #16859)
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
Can I combine the code and if so, where should I put it?
Greetings
Alex
Topic Author
