niczak
Reputation: 3917
Use .htaccess to only allow requests IF a header with a specific value is present
I have a case where I want to protect some files (listing the directory AND accessing the content) unless a specific header is present and if that header contains the correct value.
For example if a header named "x-test-header" is present AND has a value of "abc123" then let the traffic go through, otherwise return a 403.
I have tried a variety of things such as:
RewriteEngine On
RewriteCond %{HTTP_x-test-header} !^abc123
RewriteRule ^.*$ - [R=403,L]
The above works in the sense that it blocks traffic but when I use a REST client to include the header it still returns a 403. Clearly I am not doing something correctly, can anyone point me in the right direction?
Using Apache 2.4.33 on AWS.
Upvotes: 6
Views: 4425
Answers (1)
anubhava
Reputation: 785276
This rule should work for you:
RewriteCond %{HTTP:x-test-header} !^abc123$ [NC]
RewriteRule ^ - [F]
Upvotes: 6
Related Questions
- Allow access when certain query string exists otherwise deny
- Is it possible to set headers conditionally?
- How to set Apache conditional header based on URL?
- Check if header is present in request with apache
- Set multiple headers conditionally with rewrite rules [apache httpd.conf]
- Set Apache headers conditionally
- Conditionally set headers in Apache htaccess
- Check for specific header value in RewriteCond
- htaccess conditional for RequestHeader
- Match HTTP requests that are missing some header