3

I am using Piwik to track my website's visitors. As a matter of "security" I only allow access to index.php from a few known IPs. My problem is that the Piwik opt-out snippet is only available via this index.php.

I tried to solve this via RewriteRules and Location/Files directives, but I wasn't able to allow only the specific URL parameter and deny the others.

For all those who don't know (much about) Piwik but know Apache, here are the basic points:

  • The administrative GUI is available via index.php, access to which is limited to known IPs.
  • The Piwik opt-out snippet is only available via index.php with a known parameter set: index.php?module=CoreAdminHome&action=optOut&lang=DE

What I want is:

  • Deny access to index.php from all IPs except known IPs. (done)
  • Allow access to the opt-out parameter set for index.php from all IPs. (pending)

How to only allow URLs with a specific parameter in Apache?

I tried:

Order allow,deny
Allow from all
<Files "index.php">
    Order allow,deny
    Deny from all
    Allow from 127.0.0.1
</Files>
RewriteEngine On
RewriteRule ^/piwik-opt-out.html$ index.php?module=CoreAdminHome&action=optOut [L]
<Location "/piwik-opt-out.html">
    Order allow,deny
    Allow from all
</Location>
burnersk

1 Answer

2

I think you can shrink the rules to just:

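RewriteEngine on
# Skip the rule for the known IP (anchored so only this exact address matches)
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# Skip the rule when the query string contains the opt-out action
RewriteCond %{QUERY_STRING} !action=optOut
# Otherwise refuse the request for index.php
RewriteRule index\.php - [R=401]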
Alastair McCormack
  • 2
    The main thing to learn here is: the RewriteRule only works on the URL part, not on the parameter part. If you want to do actions on the parameter part, test the %{QUERY_STRING}. – Koos van den Hout Oct 10 '12 at 12:28
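
Added example (not part of the original answer or of Piwik's own documentation): a stricter form of the rule above that matches the complete opt-out query string rather than a fragment of it. It assumes 127.0.0.1 stands in for the known IPs, as in the question, and that the opt-out URL carries exactly the parameter set quoted in the question with an optional lang value.

```apache
RewriteEngine On

# Known admin address (127.0.0.1 is the placeholder used in the question).
# Anchored with ^ and $ so that only this exact address is exempt.
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$

# Exempt everyone else only when the WHOLE query string is the opt-out
# parameter set from the question. An unanchored "action=optOut" would also
# match when that text merely appears somewhere inside another query string.
# The lang pattern is an assumption; widen it if your opt-out URL differs.
RewriteCond %{QUERY_STRING} !^module=CoreAdminHome&action=optOut(&lang=[A-Za-z-]{2,8})?$

# Match index.php in server or .htaccess context, with or without trailing
# path info, and answer 403 Forbidden ([F]) instead of a bare 401.
RewriteRule (^|/)index\.php(/|$) - [F]
```

After deploying, confirm from an unlisted address that index.php with any other query string, and the directory URL served through DirectoryIndex, both return 403.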