Re: password protecting a file that has parameters

[Nilesh Govindarajan <lists@xxxxxxxxxx>]

On Thu, Mar 4, 2010 at 6:44 PM, Malka Cymbalista <Malki.Cymbalista@xxxxxxxxxxxxxx> wrote:

We are running apache 2.2.6 on  a Linux maxchine.

 

We have the following code in our httpd.conf file

<Directory /usr/local/indico/MaKaC>

  <FilesMatch  "confRegistrationFormDisplay.py">
    AuthUserFile /WWW/httpd/conf/.htpasswd
    AuthName "HP2010 Web Site"
    AuthType Basic
    <Limit GET>
    require user organizer
    </Limit>
  </FilesMatch>
</Directory >

 

Every time someone goes to http://www1.weizmann.ac.il/MaKaC/confRegistrationFormDisplay.py the person is indeed asked for a user name and password.  However, http://www1.weizmann.ac.il/MaKaC/confRegistrationFormDisplay.py really takes parameters e.g.

http://www1.weizmann.ac.il/MaKaC/confRegistrationFormDisplay.py?confid=2

and what I really want to do is require a password only for certain parameter values. So

http://www1.weizmann.ac.il/MaKaC/confRegistrationFormDisplay.py?confid=2 would require a user and password but

http://www1.weizmann.ac.il/MaKaC/confRegistrationFormDisplay.py?confid=3 would not require a user and password.

When I tried adding ?confid=3 to the <FilesMatch> directive, it did not work. 

Is there any way to do this?

 

thanks for any information.

 

 

 

Malka Cymbalista
Webmaster, Weizmann Institute of Science
malki.cymbalista@xxxxxxxxxxxxxx
08-934-3036

There's no solution with FilesMatch or LocationMatch. But a possible solution would be using mod_setenvif. I doubt if query string checking is there with mod_setenvif. If its there, you could set an env variable and depending on that configure auth.

-- 
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com