# 4.9 Encrypt Path

#### 📘 Overview

The **Encrypt Path** module allows you to restrict access to specific URL paths by requiring a **username and password**.\
It functions like lightweight HTTP authentication and provides **edge-level protection** — without touching backend code.

***

#### 🎯 Purpose

* Protect internal pages, admin panels, or test environments
* Control access to staging or early-access content
* Secure downloadable resources with a password
* Prevent unauthorized users from accessing private directories

***

#### 🛠️ How It Works

You define:

* **Username** – Only users with this username can proceed
* **Password** – Must be provided to gain access
* **Encrypted Path** – The full or partial URL path to protect
* **Authorization Message** (optional) – Custom message shown when access is denied

When someone accesses a protected URL:

* A login prompt appears
* If the credentials match, the request is allowed
* If incorrect, the user sees your custom denial message and access is blocked

***

#### ⚙️ How to Configure Encryption

1. Go to **Security Rules > Encrypt Path**
2. Click:
   * 🔵 `Username` to set or change the login username
   * 🟠 `Password` to set or change the login password
   * 🟢 `Set a Message` to define a custom message for failed logins (e.g., *"Bu alana erişim yetkiniz yok"*)
   * 🟧 `Specify the page to be encrypted` and enter the full URL you want to protect (e.g., `https://shieldsguard.com/admin`)
3. Click **Encrypt** to activate protection

<figure><img src="https://1888569782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fj6f1XtdOtNUZVCRH9J44%2Fuploads%2F2hyzRcToQHuvclmW59fU%2Fimage.png?alt=media&#x26;token=4dba4a7d-8693-415a-a668-665fce56b3c9" alt=""><figcaption></figcaption></figure>

***

#### 📋 Example Use Case

* Protect `/admin-panel` with username: `sg` and a strong password
* Show a denial message like: “You do not have access to this area”
* Ensure only internal users with credentials can reach the path

***

#### 🔐 Why This Matters

Encrypt Path allows secure, no-code restriction of sensitive areas:

* Without installing plugins
* Without modifying server configs
* Without writing auth logic

It's ideal for developers and admins who want to **quickly lock down access** to certain pages.

***

#### ⚠️ Best Practices & Notes

* Use strong, non-production credentials (base64 encoded, not encrypted)
* Always access encrypted paths over **HTTPS**
* Combine with **Rate Limiting** to stop brute-force attempts
* Do **not** use this for dynamic login pages — leave those to your backend authentication

***

🎯 **Encrypt Path gives you instant, secure access control — with zero backend integration.**