Home > other >  .htaccess: if statement to disable password protection if get parameter is set
.htaccess: if statement to disable password protection if get parameter is set

Time:03-23

I need password protection enabled, except when a certain get parameter is set.

Current working code (enables protection in folder secure):

<If "%{HTTP_HOST} =~ /^(?:. \.)*sub\.domain\.com$/">
    SetEnvIfNoCase Request_URI "^/secure/" SECURE
</If>
Require valid-user
Order      allow,deny
Allow from  all
Deny from env=SECURE

When calling e.g. https://sub.domain.com/secure/?access_token=12345, password protection should not be enabled, something like this:

<If "%{HTTP_HOST} =~ /^(?:. \.)*sub\.domain\.com$/">
    <If "%{QUERY_STRING} != /^access_token$/">
        SetEnvIfNoCase Request_URI "^/secure/" SECURE
    </If>
</If>

But "%{QUERY_STRING} != /^access_token$/" gives me an internal server error.

CodePudding user response:

<If "%{QUERY_STRING} != /^access_token$/">

The Internal Server Error might be caused by the use of the != (not-equal) operator as used with strings instead of the !~ (not-match) operator to compare against the regex. For example, it should read:

 <If "%{QUERY_STRING} !~ /^access_token$/">

Although this is naturally successful when the QUERY_STRING is not exactly access_token. The access token value is omitted. So, maybe you also need /^access_token=12345$/.

Page link:https//www.codepudding.com/other/344644.html

Prev:.htaccess rewrite url with letters öäå and passing variables
Next:How to Mod-Rewrite underscores to dashes with up to 4 variables and new text?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding