Reputation: 4949
.htaccess: if statement to disable password protection if get parameter is set
I need password protection enabled, except when a certain get parameter is set.
Current working code (enables protection in folder secure):
<If "%{HTTP_HOST} =~ /^(?:.+\.)*sub\.domain\.com$/">
SetEnvIfNoCase Request_URI "^/secure/" SECURE
</If>
Require valid-user
Order allow,deny
Allow from all
Deny from env=SECURE
When calling e.g. https://sub.domain.com/secure/?access_token=12345, password protection should not be enabled, something like this:
<If "%{HTTP_HOST} =~ /^(?:.+\.)*sub\.domain\.com$/">
<If "%{QUERY_STRING} != /^access_token$/">
SetEnvIfNoCase Request_URI "^/secure/" SECURE
</If>
</If>
But "%{QUERY_STRING} != /^access_token$/" gives me an internal server error.
Upvotes: 1
Views: 40
Answers (1)
Reputation: 45829
<If "%{QUERY_STRING} != /^access_token$/">
The Internal Server Error might be caused by the use of the != (not-equal) operator as used with strings instead of the !~ (not-match) operator to compare against the regex. For example, it should read:
<If "%{QUERY_STRING} !~ /^access_token$/">
Although this is naturally successful when the QUERY_STRING is not exactly access_token. The access token value is omitted. So, maybe you also need /^access_token=12345$/.
Upvotes: 2
Related Questions
- Password protect a specific URL
- Password protection in .htaccess doesn't ask for password
- htaccess password protection not working
- .htaccess password protect with visibility
- htaccess: Conditional Authentication
- How to do conditional .htaccess password protect
- htaccess conditionals
- Exclude one file from password protection in .htaccess
- Custom .htaccess password protection handler
- htaccess password protection and mod-rewrite?