I need password protection enabled, except when a certain get parameter is set.
Current working code (enables protection in folder secure):
<If "%{HTTP_HOST} =~ /^(?:.+\.)*sub\.domain\.com$/">
SetEnvIfNoCase Request_URI "^/secure/" SECURE
</If>
Require valid-user
Order allow,deny
Allow from all
Deny from env=SECURE
When calling e.g. https://sub.domain.com/secure/?access_token=12345, password protection should not be enabled, something like this:
<If "%{HTTP_HOST} =~ /^(?:.+\.)*sub\.domain\.com$/">
<If "%{QUERY_STRING} != /^access_token$/">
SetEnvIfNoCase Request_URI "^/secure/" SECURE
</If>
</If>
But "%{QUERY_STRING} != /^access_token$/" gives me an internal server error.
>Solution :
<If "%{QUERY_STRING} != /^access_token$/">
The Internal Server Error might be caused by the use of the != (not-equal) operator as used with strings instead of the !~ (not-match) operator to compare against the regex. For example, it should read:
<If "%{QUERY_STRING} !~ /^access_token$/">
Although this is naturally successful when the QUERY_STRING is not exactly access_token. The access token value is omitted. So, maybe you also need /^access_token=12345$/.