--- title: "Protecting sites with HTTP authentication" date: "2024-02-14T06:18:38+00:00" summary: "Secure your development sites with HTTP authentication. Learn how to implement the Shield module, control access, and protect your websites from unauthorized visitors and search engine crawlers." image: type: "page" url: "/site-factory/protecting-sites-http-authentication" id: "73b0e948-8846-4d33-8458-ca42f13d4d3d" --- On occasion, you want to control who can visit your website while under development: * You want only the team working on your website to see the website. * You want to block search engine crawlers or robots not respecting your `robots.txt` file. The Site Factory HTTP authentication feature provides an extra measure of protection to prevent exposing your hosted websites to unauthorized visitors, while still providing access to users who are working on the websites. To give HTTP authentication protection, Site Factory uses the Drupal [Shield](https://www.drupal.org/project/shield) module to require website visitors to enter a username and password to view your website. The [Site Factory Management Console](/site-factory/manage) can enable the Shield module for your websites requiring HTTP authentication. Important HTTP authentication is intended for non-primary websites in an Site Factory [site collection](/site-factory/manage/website/site-coll). The HTTP authentication feature in Site Factory doesn’t distinguish between production and non-production environments. HTTP authentication is set to be enabled/disabled across all stacks in a subscription. If a user enables the feature, it will be enabled in the same configuration for all stacks. Requirements ------------ To use HTTP authentication, you must add the [Shield](https://www.drupal.org/project/shield) module to your Site Factory codebase. Enabling HTTP authentication requirements ----------------------------------------- All users who visit a non-primary website in a [site collection](/site-factory/manage/website/site-coll) protected by HTTP authentication must enter the same user name and password to view the website. To require HTTP authentication for your Site Factory non-primary websites: 1. [Sign in](/site-factory/login) to the [Site Factory Management Console](/site-factory/manage) using an account with the [platform admin](/site-factory/manage/users/admin/platform-admin) role. 2. In the admin menu, click **Administration**, and then, under **Site Factory management**, click the **Require HTTP authentication** link. 3. Click the **Require HTTP authentication** checkbox, and then enter values in the following fields: * **Default site guard message**: Displayed to website visitors in the HTTP authentication login dialog box * **HTTP authentication user name**: User name required to access the protected websites * **HTTP authentication password**: Password required to access the protected websites 4. Click **Save**. Existing site collections aren’t instantly protected by HTTP authentication. HTTP authentication occurs the first time a domain name or primary website status changes within the site collection. Site collections and HTTP authentication ---------------------------------------- If a [site collection](/site-factory/manage/website/site-coll) has a custom domain name, HTTP authentication applies to all secondary websites in the site collection. If a site collection doesn’t have a custom domain name, HTTP authentication applies to both primary and secondary websites. Maintenance mode comparison --------------------------- As an alternative to using the Shield module to require HTTP authentication, you must configure your website to use [maintenance mode](/acquia-cloud-platform/help/93561-maintenance-mode "Maintenance Mode"). Maintenance mode blocks access to non-authorized users so only _administrators_ can sign in to your websites. Lower-level _content managers_ who aren’t _administrators_ can’t sign in to websites in maintenance mode.