1

My server will be receiving a non-standard HTTP request named EmployeeID that I want to use to determine access rights to certain directories on the server. How can I store the value of the incoming non-standard HTTP request header so that it can be used in an If conditional using Apache directives?

After searching online for quite some time I came up with the following where I attempt to save the header to an environment variable using RewriteRule so that I could access the value of the variable later for the comparison. Unfortunately, I have only met frustration instead of success.

<Direcory "\Apache24\htdocs\usrs">
   RewriteEngine on
   RewriteRule .* - [E=EmployeeID:%{HTTP:EmployeeID}]
   <If "{Request_URI} != /%{EmployeeID}/">
      Deny from all
   </If>
</Directory">
Chet
  • 13
  • 3

1 Answers1

0

I think you want to use the SetEnvIf apache directive. Possibly:

SetEnvIf EmployeeId "^(.+)$" eid=$1
<Directory "\Apache24\htdocs\usrs">
    Order Deny,Allow
    Deny from all
    Allow from env=eid
</Directory>

Look at the Prevent "Image Theft" example, I think that might do something similar to what you need.

dialt0ne
  • 3,065
  • 20
  • 27