1

I try to protect the call of a webcal address with a login. Basically it is clear to me how to protect a directory with .htaccess and basic authentication. But what about the protocol "webcal" and parameters in the URL?

Specifically, I want to protect only this URL: webcal://domainname.com/index.php?option=com_jevents&task=icals.export&format=ical&catids=0&years=0&pk=04575786497458993643754733455&i=215

Does anyone have any ideas? Thanks!

RavinderSingh13
  • 130,504
  • 14
  • 57
  • 93
loxlay
  • 11
  • 3
  • You can not apply HTTP Auth to the `webcal://` protocol directly. If this is causing the client to make an HTTP request for the equivalent of that URL, then you could protect _that_. If you want to trigger it on specific query string parameters only, then you will have to look for a solution that checks those using SetEnvIf or something; or do it in PHP to begin with. – CBroe Mar 18 '21 at 07:33
  • Hello, thank you for the feedback. If I understand it correctly, there are two possibilities. 1. call the link via http 2. use SetEnvIf What would the codes look like for this? Thanks – loxlay Mar 18 '21 at 10:47
  • No, it did not say anything about “calling the link via HTTP”, what I meant was, the application that gets started based on the protocol being `webcal://`, will then probably make an HTTP request to `http://domainname.com/index.php?…` itself, to fetch the actual data. If you put that link onto your site directly instead, then the browser will probably prompt you for where to save this as a download, instead of automatically starting the registered app. – CBroe Mar 18 '21 at 10:52
  • So you could apply HTTP Auth for that `http://domainname.com/index.php?…` request - but then you’d have to hope, that the actual app that is processing this, understands HTTP auth, and has a way to prompt the user for credentials. – CBroe Mar 18 '21 at 10:53
  • If you want the authentication to happen in the browser - then you could link to a protected HTTP resource first, which then when proper credentials have been supplied, _redirects_ to `webcal://…`, so that the launch of the associated app only happens afterwards. – CBroe Mar 18 '21 at 10:56
  • Hi, OK, understood. Maybe the internal redirect, after authentication is a solution. Thanks. But how would the password protection look like with htaccess, if the URL would be e.g. like https ://domainname.com/index.php?option=com_jevents&task=icals.export&format=ical&catids=0&years=0&pk=04575786497458993643754733455&i=215 – loxlay Mar 22 '21 at 09:28

0 Answers0