There is no doubt that live testing is much preferred before pushing to the Production environment, however, there are times when a new feature or changes on Integration/ Staging environment is preferred to be kept private or secret from the public network; for this, HTTP authentication would be a solution.
What is HTTP Basic Authentication?
The basic flow of any HTTP Basic Authentication is as follows:
- A client requests access to any page from the store.
- The web server returns a dialog box that requests username and password.
- The client submits the username and password to the server.
- The server authenticates the user,if successful, returns the requested page.
Magento Cloud provides a very simple web interface for enabling HTTP authentication; just click on the environment and go to Configure Environment → Settings; then click Edit on HTTP access control.
The interface will look like the following:
By using the above interface the administrator can set any amount of usernames and passwords, and/or restrict or allow by IP address.
After finishing setting up the administrator must switch HTTP access control to ON in order to apply the changes, this will display a login dialog if the client has not been authenticated yet.
This will add an extra security layer to those teams that require to live test under a certain degree of discretion, being also secured since Magento Cloud utilizes SSL as default for all communication.
