Home/ Questions/Q 6867311
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T03:17:38+00:00

I need to password protect on specific URL, for instance anyone can access index.php

  • 0

I need to password protect on specific URL, for instance anyone can access index.php but as soon as they add parameters or “GET” variables I must require valid-user.

index.php -> sweet

index.php?prev=1 -> require valid user

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Interesting question.

    Here’s a solution:

    <Location /fakeindex.php>
  Order Deny,Allow
  Deny from All
  Allow from env=REDIRECT_STATUS
  AuthType Basic
  AuthUserFile /pathto/htpasswd/file/passwords.secret
  AuthName This is an example auth
  Require valid-user
</Location>
<Directory /path/to/doc/root>
    Order allow,deny
    allow from all
    RewriteEngine On
    RewriteCond %{QUERY_STRING} .
    RewriteCond %{REQUEST_URI} index.php
    RewriteRule .* fakeindex.php [L,QSA]
</Directory>

    This part:

      Order Deny,Allow
  Deny from All
  Allow from env=REDIRECT_STATUS

    is there to prevent a direct access to /fakeindex.php (but in fact who would like to enforce a direct access to a protected zone). It’s optionnal.

    The key point is that theses condition Rules detect a non empty Query string, and a request to index.php:

        RewriteCond %{QUERY_STRING} .
    RewriteCond %{REQUEST_URI} index.php

    And that if they match the Rule:

    RewriteRule .* fakeindex.php [L,QSA]

    Redirect internally the request to /fakeindex.php, keeping the query string with QSA. After that the Location is applied, and authentification is on the Location.

    • 0