0

I have an apache webserver running on an ubuntu system. To avoid access for unauthorized users, I have an active .htaccess:

AuthType Basic
AuthName "own area"
AuthUserFile /path/to/.htpasswd
require user username

This .htacces works fine by accessing all files insight the document root, like the index.php. In this case, user authentication is required. But now I'm looking for an way to disable this user authentication, if an specific uri was called, like: index.php?s=abc In this case and only in this case the application should be available without authentication.

Is there a way to realize that? I'm not sure, how to start searching the web for that specific question?

Is the RewriteEngine the key?

The server vhost config has an active rewrite rule with the following configuration:

  RewriteEngine on
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_URI}  !^/index.php
  RewriteRule ^/([\w]+)$ /index.php?s=$1   [L]

Thank you.

The Bndr
  • 294
  • 3
  • 9

1 Answers1

0

Add the following to .htaccess, in addition to the authentication configuration:

# Set environment variable "allow" only for URL /index.php?s=abc
RewriteEngine on
RewriteBase /
RewriteCond %{QUERY_STRING} ^s=abc$
RewriteRule ^index.php$ - [E=allow]

# Allow access when allow is set
Order deny,allow
Deny from all
Allow from env=allow

# Grant access by Allow OR user authentication
Satisfy any
Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
  • That looks great and I see, that I'm far away from understanding the Apache rewrite-world. Unfortunately, this example doesn't work out of the box and because of my limited knowledge, I'm unable to debug. :-( the login-box still appears, even if I call `domain.abc/index.php?s=abc` – The Bndr Mar 04 '14 at 10:13
  • Hm, does it work if you use `^/index.php$` instead of `^index.php$`? – Andrew Schulman Mar 04 '14 at 10:20