Is there a mod / way to get this pseudo code working in apache?
<Location /somepath/>
if not value of request header 'x-token' is 'secret' deny
</Location>
Asked
Active
Viewed 58 times
0
RabbitInAHole
- 103
- 1
-
If you are using plain HTTP, your "secret" isn't a secret any more. – Deer Hunter Jul 30 '14 at 21:35
-
@DeerHunter i'm using https – RabbitInAHole Aug 06 '14 at 18:28
1 Answers
0
It's definitely possible, but probably not a great idea for robust security, since anyone could spoof it.
Use the SetEnvIf directive to set a variable based on the header:
http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html
Then use that to lock down your location:
<Location /somepath/>
Allow from env=your_variable
</Location>
Daniel Scott
- 430
- 3
- 11