logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: How to limit access to an URL with query parameters
Author
juza



Joined: 05 Sep 2016
Posts: 3
Location: Switzerland
PostPosted: Mon 05 Sep '16 13:13    Post subject: How to limit access to an URL with query parameters Reply with quote
Hello,

my experience with apache is ~ 0 and I need your help. My problem is the following:

I need that an URL is accessible only for some defined users. In the URL there is a query parameter and that is the discriminator.

The URL could be something like this:

https://my.my.com/my-app/view/myView.xhtml?myQueryParam=allUsers

Googling a little I came upon this possible solution:

RewriteEngine on
RewriteCond %{REQUEST_URI} "/my-app/view/myView[.]xhtml.*"
RewriteCond %{QUERY_STRING} myQueryParam=allUsers
RewriteRule .* - [E=no_auth_required:1]

<LocationMatch "/my-app/view/myView[.]xhtml.*">

Require uniqueID user1ID user2ID

</LocationMatch>

Between xhtml and ? could come additional strings too, therefor the *

This works but the problem is that it also denies the access to for ex. the link https://my.my.com/my-app/view/myView.xhtml?myQueryParam=somethingElse

It seams that it doesn't bother the value of the query parameter...

What do I miss?

Thank you in advance.

Greetings
Francesco
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Wed 07 Sep '16 16:18    Post subject: Reply with quote
if you are using 2.4.x

Code:
<LocationMatch ^/my-app/view/myView.xhtml>
    <If "%{QUERY_STRING} =~ /myQueryParam=allUsers/">
        Require all grated
    </If>
    <Else>
        Require uniqueID user1ID user2ID
    </Else>
</LocationMatch>
Back to top
juza



Joined: 05 Sep 2016
Posts: 3
Location: Switzerland
PostPosted: Thu 08 Sep '16 16:16    Post subject: Reply with quote
Nope. I'm using Apache 2.2

I saw that with 2.4 it would be easier... Sad
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Mon 19 Sep '16 15:00    Post subject: Reply with quote
Can't you handle that in your app? So your app checks for the query string?
Back to top
juza



Joined: 05 Sep 2016
Posts: 3
Location: Switzerland
PostPosted: Tue 20 Sep '16 17:06    Post subject: Reply with quote
I just need a quick and dirty solution. Afterwards I can update my application too.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Tue 11 Oct '16 21:38    Post subject: Reply with quote
See http://serverfault.com/questions/436312/how-to-only-allow-urls-with-specific-parameter-in-apache
Back to top


Reply to topic   Topic: How to limit access to an URL with query parameters View previous topic :: View next topic
Post new topic   Forum Index -> Apache