httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brice Figureau <>
Subject [users@httpd] How to rewrite URL to trigger authentication ?
Date Sat, 26 Feb 2005 11:53:04 GMT

I want to trigger an HTTP authentication based on some value of the
param 'page' of the query string:

should trigger an authentication and upon success, should let access.

should be accessible directly.

My idea was the following:
1) create a protected directory which is guarded with an AuthUserFile
2) Rewrite (redirect in fact) if REMOTE_USER is empty and page matches
stats to /protected/index.php
3) the authentication dialog should pop-up
4) then rewrite /protected/index.php back to /index.php and continue

Unfortunately this does not work as I thought, here is the

RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} ^$
RewriteCond %{QUERY_STRING} page=(stats|protectedpage)
RewriteRule ^/index.php /protected/index.php [QSA,R]

<Directory /var/www/protected>
AuthType Basic
AuthName "Protected Area"
AuthUserFile /etc/apache2/passwords
require valid-user

RewriteEngine On
RewriteCond %{REMOTE_USER} !^$
RewriteRule .* /index.php [QSA,L]

RewriteCond %{REMOTE_USER} ^$
RewriteRule .* - [F]

The first rewriteRule works, it redirects to the protected area, my
browser asks for authentication.
Then there is a redirect loop.

Careful inspection of the rewrite log (I can provide it if you want)
does not show where is my mistake.

What's wrong with this configuration ?

Thanks for your help.

Brice Figureau <>

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message