diff --git a/manifest.json b/manifest.json
index d079163..5e91bbb 100644
--- a/manifest.json
+++ b/manifest.json
@@ -49,6 +49,10 @@
                     "en": "Is it a public site?",
                     "fr": "Est-ce un site public ?"
                 },
+                "help": {
+                    "en": "If private, only YunoHost users can create a paste, but everyone can read it.",
+                    "fr": "Si privé, seul les utilisateurs YunoHost peuvent créer un paste, mais tout le monde peut lire."
+                },
                 "default": true
             }
         ]
diff --git a/scripts/change_url b/scripts/change_url
index 1647c29..0017e2c 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -76,6 +76,24 @@ then
 	ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
 fi
 
+#=================================================
+# UPDATE SSOWAT
+#=================================================
+ynh_script_progression --message="Reconfiguring SSOwat..."
+
+if [ $is_public -eq 0 ]
+then
+    # If the app is private, viewing images stays publicly accessible.
+    if [ "$new_path" == "/" ]; then
+        # If the path is /, clear it to prevent any error with the regex.
+        new_path=""
+    fi
+    # Modify the domain to be used in a regex
+    domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
+    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$new_path/$"
+    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$new_path/.*$"
+fi
+
 #=================================================
 # GENERIC FINALISATION
 #=================================================
diff --git a/scripts/install b/scripts/install
index f352be7..28f93f2 100644
--- a/scripts/install
+++ b/scripts/install
@@ -105,8 +105,14 @@ ynh_script_progression --message="Configuring SSOwat..."
 
 # If app is public, add url to SSOWat conf as skipped_uris
 if [ $is_public -eq 1 ]; then
-  # unprotected_uris allows SSO credentials to be passed anyway.
-  ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+    # unprotected_uris allows SSO credentials to be passed anyway.
+    ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+else
+    # If the app is private, viewing paste stays publicly accessible.
+    # Modify the domain to be used in a regex
+    domain_regex=$(echo "$domain" | sed 's@-@.@g')
+    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/$"
+    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/.*$"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 1304b77..7dfe908 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -143,6 +143,12 @@ ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1
 if [ $is_public -eq 1 ]; then
   # unprotected_uris allows SSO credentials to be passed anyway.
   ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+else
+    # If the app is private, viewing paste stays publicly accessible.
+    # Modify the domain to be used in a regex
+    domain_regex=$(echo "$domain" | sed 's@-@.@g')
+    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/$"
+    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/.*$"
 fi
 
 #=================================================