Bypass .htaccess authorization for a specific URI including query strings

Question

Bypass .htaccess authorization for a specific URI including query strings

I have a PHP web application that loads based on various query strings. I need the application to require authentication IF no query string is passed.

For example, if the url is example.com/app/?Setting1=true I want to force authentication.

However, if the url is example.com/app/?Setting1=true&Setting2=true I want to bypass authentication

I'm close to wanting to use SetEnvIf Request_URI, but I'm not sure how to include query strings in Request_URI.

SetEnvIf Request_URI "(/app/test)$" allow

Order Deny,Allow

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null

#Allow valid-user
Deny from all
Allow from env=allow
Satisfy any

I need something like this:

SetEnvIf Request_URI "(/app/?Setting1=true&Setting2=true)$" allow

Order Deny,Allow

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null

#Allow valid-user
Deny from all
Allow from env=allow
Satisfy any

Thanks a lot for any suggestions.

+3

php authorization apache .htaccess

Kor Ix Aug 14 14 at 15:29

source to share

1 answer

rajesh ujade · Answer 1 · 2014-09-01T12:46:09+0000

RewriteEngine On
SetEnvIf Request_URI ".*" allow=0
RewriteCond %{QUERY_STRING} ^(?:.*[&?])?Setting1=true&Setting2=true$
RewriteRule ^ - [E=allow:1]
RewriteCond %{QUERY_STRING} ^(?:.*[&?])?Setting2=true&Setting1=true$
RewriteRule ^ - [E=allow:1]
<If "%{ENV:allow} == '0'">
        AuthUserFile /home/path/.htpasswd
        AuthType Basic
        AuthName "Restricted Access"
        Require user valid-user
</If>

Note:

SetEnvIf does not support a query string parameter. Please refer to the link below.

mod_setenvif

It is also possible to set an environment variable using the mod_rewrite module:

mod_rewrite

Bypass .htaccess authorization for a specific URI including query strings

More articles: