.htaccess forbid for all except when specific {querystring}/$_GET
Foreword: I know this is a bit of a security flaw, but I'd like an htaccess solution
I have a semi-private wiki (php,mysql,mediawiki) that I'd like to allow only to a specific range of IPs, except make it public (allow all) if the article title is title=public_articleName#### which I believe is ^title=public_articleName([0-9]{4})$ ?
I also use rewrite rules in toplevel htaccess so that the urls are beautified (www.site.com/wiki/article
is actually www.site.com/wiki/index.php?title=article
) in my case I would like www.site.com/wiki/
to be (partly) forbidden, but www.site.com/wiki/public_articleName2345
visible for all)
Any ideas ? I know you can access %{QUERY_STRING}, but I have no idea to force a 403 based on that match (except for IPs xxx.xxx.xx.xxx)
Thanks for your input
edi开发者_如何学编程t:clarifications
You can use the [forbidden]
flag on RewriteRules:
RewriteRule index.php?title=disallow forbid.html [F]
You can combine that with a RewriteCond
maybe to match IPs or prevent this rule to apply to allowed pages.
RewriteCond ${REMOTE_ADDR} !78.22.131.219
RewriteRule index.php?title=disallow forbid.html [F]
Some notes here: https://serverfault.com/questions/214512/everything-you-ever-wanted-to-know-about-mod-rewrite-rules-but-were-afraid-to-ask
It would however be heaps easier to implement this programmatically in the wiki software.
精彩评论