Drivingralle
Reputation: 33
Bypassing AuthType with url parameter in Request_URI using htaccess
Based on this question I build a protection for
I want to bypass the Authorization with user and password by AuthType when the URI contains a parameter value. If the parameter is not set or wrong the usual user/pw input should be necessary.
Ex:
www.domain.com?id=200 -> NO password required
www.domain.com -> password required
I found this question. It works fine. But I'm not able to change behavior:
Protect a url with HTTP authentication based on query string parameter
The following code doesn't work:
RewriteEngine On
# set URI to /index.php/200 if query string is id=200
RewriteCond %{QUERY_STRING} (?:^|&)id=(200|1)(?:&|$) [NC]
RewriteRule ^(index\.php)/?$ $1/%1 [NC]
# set SECURED var to 1 if URI is /index.php/200
SetEnvIfNoCase Request_URI "^/index\.php/(200|1)" SECURED
# enforce auth if SECURED=1
AuthType Basic
AuthName "Login Required"
AuthUserFile /path/to/.htpasswd
Require valid-user
Order allow,deny
Deny from all
Allow from env=SECURED
Satisfy any
Upvotes: 1
Views: 1782
Answers (1)
Lars Moelleken
Reputation: 728
SetEnvIf Request_URI /register noauth=1
AuthType Basic
AuthName "Auth"
AuthUserFile /path/to/.htpasswd
<RequireAny>
Require env noauth
Require valid-user
</RequireAny>
http://httpd.apache.org/docs/current/mod/mod_authz_core.html
Upvotes: 1
Related Questions
- htaccess exclude one url from Basic Auth
- Bypass htaccess Password Protection for API calls
- How can allow a url type from .htaccess password protection?
- Apache 2.4 .htaccess Basic auth bypass by Request_URI
- How to protect a specific url through htaccess
- Use basic auth for different URIs in a .htaccess file
- Protect a url with HTTP authentication based on query string parameter
- How to make Basic Auth exclude a rewritten URL
- Using Basic Authentication (htaccess) to restrict access to a specific URL
- How do I use HTTP Authentication for a specific URL (not a directory)