Apache permissions based on querystring
I have an apache server where authentication is required, but there are some calls that need to be allowed for all.
On off these calls is based on a query string for
-
we can't use
<If %{QUERY_STRING} /a=b/>, is not supported by < apache 2.4RewriteEngine OnRewriteCond %{QUERY_STRING} test=okRewriteRule ^/ - [E=checkParamTest:1]<LocationMatch "^/"> Order allow,deny Allow from env=checkParamTest Satisfy any </LocationMatch><Location /> AuthType openid-connect Require valid-user ... </Location>讨论(0) -
In Apache 2.4 there's an easier way to do this without the rewrite.
You can use
LocationMatchto match upto theQUERY_STRING, and then use anIfblock to match the contents ofQUERY_STRING. i.e., something like this:<LocationMatch "^/foo/api.php"> <If "%{QUERY_STRING} =~ /.*Task=DoStuff.*/" > Require all granted </If> </LocationMatch>讨论(0) -
As you can read here:
The <Location>, <LocationMatch>, <Directory> and <DirectoryMatch> Apache directives allow us to apply authentication/authorization to specific patterns of resources with a high degree of specificity, but do not give us that control down to the query-string level.
Therefore, you have to use mod_rewrite to achieve you goal.
For example:RewriteEngine on RewriteCond %{QUERY_STRING} Task=DoStuff RewriteRule ^/foo/api.php - [E=no_auth_required:1] <LocationMatch ^/foo/api.php> Order allow,deny Allow from env=no_auth_required AuthType Basic AuthName "Login Required" AuthUserFile /var/www/foo/.htpasswd require valid-user Satisfy Any </LocationMatch>UPDATE
You've stated that:
If I just filter ^/foo/api.php I get passed the authentication, but this isn't strict enough.
Then, try adding the following rows to your configuration:
RewriteEngine on RewriteCond %{QUERY_STRING} Task=DoStuff RewriteRule ^/foo/api.php - [E=no_auth_required:1] <LocationMatch ^/foo/api.php> Order allow,deny Allow from env=no_auth_required </LocationMatch>讨论(0)
加载中...
- 热议问题