I have an Apache server where authentication is required, but there are some calls that need to be allowed for all.
One of these calls is based on a query string for
As you can read here:
The
, , and Apache directives allow us to apply authentication/authorization to specific patterns of resources with a high degree of specificity, but do not give us that control down to the query-string level.
Therefore, you have to use mod_rewrite to achieve your goal.
For example:
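# Flag requests to api.php whose query string contains Task=DoStuff
RewriteEngine on
RewriteCond %{QUERY_STRING} Task=DoStuff
RewriteRule ^/foo/api.php - [E=no_auth_required:1]
# Enclosing container assumed: its tags are missing from the page
<Location /foo/api.php>
    Order allow,deny
    Allow from env=no_auth_required
    AuthType Basic
    AuthName "Login Required"
    AuthUserFile /var/www/foo/.htpasswd
    Require valid-user
    # Either the env-based Allow or a valid login grants access
    Satisfy Any
</Location>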
UPDATE
You've stated that:
If I just filter ^/foo/api.php I get past the authentication, but this isn't strict enough.
Then, try adding the following rows to your configuration:
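RewriteEngine on
RewriteCond %{QUERY_STRING} Task=DoStuff
RewriteRule ^/foo/api.php - [E=no_auth_required:1]
# Enclosing container assumed: its tags are missing from the page
<Location /foo/api.php>
    Order allow,deny
    Allow from env=no_auth_required
</Location>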
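An added example, not part of the original answer: it models how the posted RewriteCond/RewriteRule patterns match (unanchored regex search, consecutive conditions ANDed) and lists which constructed requests would skip authentication. The STRICT patterns, the sample requests and the function names are assumptions for illustration; Python's re module stands in for mod_rewrite's PCRE matching.

```python
import re

# Patterns as posted in the answer (server context: the path keeps its
# leading slash, QUERY_STRING is the raw, undecoded text after "?").
LOOSE = {"rule": r"^/foo/api.php", "conds": [(r"Task=DoStuff", False)]}

# Assumed tightening (not from the answer): escaped dot, anchors on both
# patterns, and a negated condition rejecting a second Task parameter.
STRICT = {
    "rule": r"^/foo/api\.php$",
    "conds": [
        (r"(^|&)Task=DoStuff(&|$)", False),
        (r"(^|&)Task=[^&]*&(.*&)?Task=", True),  # "!pattern" in Apache
    ],
}

def sets_no_auth(cfg, path, query):
    """True if the RewriteRule would fire and set no_auth_required."""
    if not re.search(cfg["rule"], path):
        return False
    # A plain condition must match; a negated one must not.
    return all(bool(re.search(p, query)) != neg for p, neg in cfg["conds"])

# Constructed sample requests: (path, query string, intended to be public?)
SAMPLES = [
    ("/foo/api.php", "Task=DoStuff", True),
    ("/foo/api.php", "id=7&Task=DoStuff", True),
    ("/foo/api.php", "Task=DoStuffAndMore", False),      # longer value
    ("/foo/api.php", "NotTask=DoStuff", False),          # different key
    ("/foo/api.php", "x=Task=DoStuff", False),           # text inside a value
    ("/foo/api.php", "Task=DoStuff&Task=Other", False),  # duplicate key
    ("/foo/api.php5", "Task=DoStuff", False),            # no end anchor
    ("/foo/apiXphp", "Task=DoStuff", False),             # "." matches any char
]

def unintended(cfg):
    """Requests the config exempts although they should require a login."""
    return [(p, q) for p, q, ok in SAMPLES if sets_no_auth(cfg, p, q) and not ok]

def missed(cfg):
    """Requests that should be public but would still get a login prompt."""
    return [(p, q) for p, q, ok in SAMPLES if ok and not sets_no_auth(cfg, p, q)]

if __name__ == "__main__":
    for name, cfg in (("posted", LOOSE), ("strict", STRICT)):
        print(name, "exempts unintentionally:", unintended(cfg))
```

The duplicate-key case matters because the script behind the URL may read a different occurrence of Task than the one the regex matched.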