I'm trying to restrict folder and file access based on browser cookies.
Files can only be accessed if these 3 conditions are met:
- Wordpress user is logged in
example_cookieexistsexample_cookieisvalue1orvalue2BUT NOT anything else e.g.value3,value4, etc
My .htaccess file currently looks like this:
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP_COOKIE} !example_cookie [NC]
RewriteCond %{HTTP_COOKIE} !example_cookie=value1;? [NC]
RewriteCond %{HTTP_COOKIE} !example_cookie=value2;? [NC]
RewriteRule ^(.*)$ - [R=403,L]
Just having the first 2 conditions seems to be working fine by themselves.
The last 2 conditions still blocks access if not logged in or if example_cookie is not set but allows access for any set value of example_cookie not just value1 or value2.
Any help will be much appreciated, thanks!
CodePudding user response:
The (edited) posted code does work now. On line 4, I had the ;? around the wrong way! I also didn't need line 3.
Final code:
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP_COOKIE} !example_cookie=value1;? [NC]
RewriteCond %{HTTP_COOKIE} !example_cookie=value2;? [NC]
RewriteRule ^(.*)$ - [R=403,L]