diff --git a/check_process b/check_process
index da9f0ab..7d507d0 100644
--- a/check_process
+++ b/check_process
@@ -10,6 +10,7 @@
 setup_root=1
 setup_nourl=0
 setup_private=0
+ setup_private=1
 setup_public=1
 upgrade=1
 backup_restore=1
diff --git a/scripts/install b/scripts/install
index 66b72c6..77acee9 100644
--- a/scripts/install
+++ b/scripts/install
@@ -33,6 +33,12 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
 url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
 [[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
+# Avoid uncrypted remote destination with reverse proxy mode
+# Indeed the SSO send the password in all requests in HTTP headers
+url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
+[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
+"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1
+
 # Save extra settings
 ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type
 ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path
diff --git a/scripts/restore b/scripts/restore
index 5c4c3a6..c333112 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -38,9 +38,13 @@ NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf"
 ynh_restore_file "$NGINX_CONF"
 #=================================================
-# CONFIGURE SSOWAT
+# SETUP SSOWAT
 #=================================================
+if [[ "$is_public" -eq 0 ]]
+then # Remove the public access
+ ynh_app_setting_delete "$app" skipped_uris
+fi
 # Make app public if necessary
 if [ "$redirect_type" != "private_proxy" ]
 then
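Review bot: `setup_private=1` is added directly below the unchanged `setup_private=0`, so check_process now sets the same key twice with opposite values. Which one the test runner honours depends on how it parses the file, which is not visible here. If the intent is to enable the private-install test, replace the old line rather than adding a second one, leaving only `setup_private=1`.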
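Review bot: The new guard in scripts/install fires only when `redirect_type` is exactly `proxy`, while scripts/restore in this same commit tests for a `private_proxy` type; if that value is also accepted at install time, a plain-http remote destination passes unchecked in the mode that sits behind the SSO. Matching every proxy variant closes that, e.g. `[[ "$redirect_type" == *proxy ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \`. The check also lives only in the install script as far as this diff shows, so a destination changed or restored later is presumably not re-validated. Separately, accepting any `https://` URL protects the forwarded credentials only if the nginx template verifies the upstream certificate (`proxy_ssl_verify on;`), which nginx does not do by default; that template is not part of this diff.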
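Review bot: `is_public` is read by the added `if [[ "$is_public" -eq 0 ]]` in scripts/restore but is not assigned in the visible lines, and the block right after it decides public access from `redirect_type` instead, so the two branches can disagree. If the setting is not loaded earlier in the script (outside this hunk), an empty value compares equal to 0 inside `[[ ... -eq ... ]]` and the removal always runs, or the script aborts if it runs under `set -u`. Loading it explicitly with `is_public=$(ynh_app_setting_get --app=$app --key=is_public)`, or keying the removal on `[ "$redirect_type" = "private_proxy" ]`, would keep a single source of truth for the access decision. The new call also uses the positional form where the install script uses named arguments; `ynh_app_setting_delete --app=$app --key=skipped_uris` would match. The body of the following `if` lies outside the hunk.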