Walled Garden Security - Apache Authentication

Hello,

I have installed the latest version of Elgg (via composer) on a VPS (Ubuntu 20.04 - Plesk Obsidian). It is a private family site (invite only) and hence I am using the Walled Garden. The data folder is outside httpdocs.

Ideally, I would like the site to be protected from indexing and bots. However, when I attempt to use http authentication, I run into problems, which I suspect might be Plesk taking control of the apache config files. 

Could someone please give a few pointers:

a) Is it possible to use http authentication with Elgg?

b) How secure is Elgg in Walled Garden mode from indexing and those pesky bots?

Thanks in advance.     

 

  • Not to worry, I've answered my own question.

    I added AuthType Basic to .htaccess.

  • How secure is Elgg in Walled Garden mode from indexing and those pesky bots?

    We haven't had any issues yet with our clients which use Walled Garden mode to protect their websites from the public eye.

    In the admin section you can also configure the robots.txt which is used by the indexing bots, there you can make sure the bots don't try to index your site.

    But since all unauthenticated responses are 403 the bots wont index those pages anyway

  • Thanks for the confirmation, Jerome. I ended up using authtype basic for site access and then email-only login for the walled garden.

Beginning Developers

Beginning Developers

This space is for newcomers, who wish to build a new plugin or to customize an existing one to their liking