1

I have a website build in cs cart.
The url of administrator panel is like this https://mysite.com/vendorsds.php.
I want to set a HTPasswd for user whenever he/she visit this link https://mysite.com/vendorsds.php?dispatch=companies.update.

I have tried the following - 

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /var/chroot/home/content/28/11136228/html/htpasswds/.htpasswd 
AuthGroupFile /dev/null 
<Files vendorsds.php?dispatch=companies.update>
require valid-user
</Files>

When I remove dispatch=companies.update from above its working for all of the pages going through the vendorsds.php. Is it possible to set HTPasswd for any specific GET parameter (like dispatch=companies.update) in same page?

Mithun Sen
  • 523
  • 5
  • 19

1 Answers1

0

This is really tricky but possible. See this 2 steps method below:

## force BASIC auth for a specific query parameter

# 1: set URI to /vendorsds.php/companies.update if query string is dispatch=companies.update
RewriteCond %{QUERY_STRING} (?:^|&)dispatch=companies.update(?:&|$) [NC]
RewriteRule ^(vendorsds\.php)/?$ $1/%1 [NC]

# 2: set AUTH_NEEDED var to 1 if URI is /vendorsds.php/companies.update
SetEnvIfNoCase Request_URI "^/vendorsds\.php/companies\.update" AUTH_NEEDED

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/chroot/home/content/28/11136228/html/htpasswds/.htpasswd
Require valid-user
Order allow,deny
Allow from all
Deny from env=AUTH_NEEDED
Satisfy any
anubhava
  • 761,203
  • 64
  • 569
  • 643