I am trying to allow user to wordpress wp-admin index page if query string contains parameter. I am setting env variable to allow them access. This is how my htaccess file looks like
RewriteEngine on
RewriteCond %{QUERY_STRING} !^author=1
RewriteRule ^ - [E=NO_AUTH:1]
AuthName "Staff Authorization Required"
AuthType Basic
AuthUserFile /usr/bin/.htpasswd
<Files "index.php">
Order Deny,Allow
Deny from all
Require user newagenumber
Allow from env=NO_AUTH
</Files>
Options -Indexes
As of yet, authorization dialog box appears for everyone. Please help :|
This is not working because Apache executed mod_auth module before mod_rewrite hence NO_AUTH is not set when basic authentication directives run.
Unfortunately this behavior is not that simple to change.
Here is a workaround solution that combines mod_rewrite, mod_setenvif and mod_auth:
RewriteEngine On
RewriteBase /wp-admin/
RewriteCond %{QUERY_STRING} (?:^|&)(author=1)(?:&|$) [NC]
RewriteRule ^(index\.php)?$ index.php/%1 [NC]
# set SECURED var to 1 if URI is /index.php/200
SetEnvIfNoCase Request_URI "/index\.php/(author=1)" NO_AUTH
AuthType Basic
AuthName "Login Required"
AuthUserFile /full/path/to/passwords
Require user newagenumber
Order Deny,Allow
Deny from all
Allow from env=NO_AUTH
Satisfy any