password protect based on query string

Forum Moderators: phranque

Message Too Old, No Replies

password protect based on query string

how to implement apache basic authentication for a page

rodneytoady

5:31 am on Jan 5, 2011 (gmt 0)

I need to use .htaccess to password protect a single page on a site where all pages are index.php and the content that is served is determined solely by the query string. Here's my current attempt - it does nothing:

<FilesMatch "^(index.php?p=flagged&flag=featflag)$">
AuthType Basic
AuthName "Protected Access"
AuthUserFile /usr/local/apache2/passwords/users
Require valid-user
</FilesMatch>

It appears that FilesMatch is simply not recognising my string. I've also tried numerous variations on the string including:

<FilesMatch "^(index.php\?p=flagged&flag=featflag)$">
<FilesMatch "^(index.php\?p=flagged\&flag=featflag)$">
<FilesMatch "(index.php?p=flagged&flag=featflag)">

etc, etc.

Am I trying to do something that's not possible?

g1smd

8:29 am on Jan 5, 2011 (gmt 0)

Filesmatch matches only a filename.

It will not match query string data.

jdMorgan

8:58 pm on Jan 5, 2011 (gmt 0)

Look into using SetEnvIf or mod_rewrite to set a variable, then using "Allow from env:varname" and "Satisfy Any" in your auth code. Basically, you will completely password-protect index.php, but then allow bypassing that requirement unless the query string is a certain value.

This requires one step of negation. If you can't get that done with SetEnvIf, then you'll have to use mod_rewrite to set the Allow-from variable if the query string is NOT the one to be protected.

Jim

rodneytoady

4:30 am on Jan 6, 2011 (gmt 0)

Thanks to both respondents, thanks especially to Jim for the detailed suggestion. I will research it.