Bypass .htaccess authorization for a specific URI including query strings
I have a PHP web application that loads based on various query strings. I need the application to require authentication IF no query string is passed.
For example, if the url is example.com/app/?Setting1=true I want to force authentication.
However, if the url is example.com/app/?Setting1=true&Setting2=true I want to bypass authentication
I'm close to wanting to use SetEnvIf Request_URI, but I'm not sure how to include query strings in Request_URI.
SetEnvIf Request_URI "(/app/test)$" allow
Order Deny,Allow
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
#Allow valid-user
Deny from all
Allow from env=allow
Satisfy any
I need something like this:
SetEnvIf Request_URI "(/app/?Setting1=true&Setting2=true)$" allow
Order Deny,Allow
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
#Allow valid-user
Deny from all
Allow from env=allow
Satisfy any
Thanks a lot for any suggestions.
+3
source to share
1 answer
RewriteEngine On
SetEnvIf Request_URI ".*" allow=0
RewriteCond %{QUERY_STRING} ^(?:.*[&?])?Setting1=true&Setting2=true$
RewriteRule ^ - [E=allow:1]
RewriteCond %{QUERY_STRING} ^(?:.*[&?])?Setting2=true&Setting1=true$
RewriteRule ^ - [E=allow:1]
<If "%{ENV:allow} == '0'">
AuthUserFile /home/path/.htpasswd
AuthType Basic
AuthName "Restricted Access"
Require user valid-user
</If>
Note:
- SetEnvIf does not support a query string parameter. Please refer to the link below.
It is also possible to set an environment variable using the mod_rewrite module:
0
source to share