Protecting sites with HTTP authentication

There are times when you want to control who can visit your website while it is under development:

  • You want to block normal website visitors from viewing the website while developers continue to work on the website.
  • You want to block search engine crawlers or robots that don't respect your robots.txt file.

The Acquia Cloud Site Factory HTTP authentication feature provides an extra measure of protection to ensure that your hosted websites are not exposed to unauthorized visitors, while still providing access to users who are working on the websites.

To accomplish this, Acquia Cloud Site Factory uses the Drupal Shield module to require website visitors to enter a username and password (which uses HTTP authentication) to be able to view your website. The Site Factory Management Console can enable the Shield module for your websites, and therefore require HTTP authentication.


To use the HTTP authentication feature, you must add the Shield module to your Acquia Cloud Site Factory codebase and install it on your Acquia Cloud Site Factory websites.

Enabling HTTP authentication requirements

To require HTTP authentication for your Acquia Cloud Site Factory websites, complete the following steps:

  1. Sign in to the Site Factory Management Console using an account with the platform admin role.
  2. In the admin menu, click Administration, and then, under Site Factory management, click the Require HTTP authentication link.
  3. Click the Require HTTP authentication check box, and then enter values in the following fields:
    • Default site guard message - Displayed to website visitors in the HTTP authentication login dialog box
    • HTTP authentication user name - User name required to access the protected websites
    • HTTP authentication password - Password required to access the protected websites
  4. Click Save.

Site collections and HTTP authentication

If a site collection has a custom domain name, the HTTP authentication requirement applies to all of the websites in the site collection, other than the primary website. If a site collection does not have a custom domain name, the HTTP authentication requirement applies to all sites.

Maintenance mode comparison

As an alternative to using the Shield module to require HTTP authentication, you could set your website to maintenance mode to block access to non-authorized users. However, with that approach, only administrators can sign in — lower-level content managers who are not administrators cannot sign in to websites in maintenance mode.

Drupal Projects

Contact supportStill need assistance? Contact Acquia Support