I have created a query based authentication on my apache server, but I've got a strange behavior from apache, and can't find my way out of this. Here is the .htaccess code:
RewriteEngine on
RewriteCond %{QUERY_STRING} p=1
RewriteRule ^(.*)$ $1?map=$1 [E=authme:1]
Order deny,allow
Deny from env=authme
AuthType Basic
AuthName "Login Required"
AuthUserFile /var/www/test/.htpasswd
require valid-user
Satisfy any
I expect apache to look at query string for p=1. If found an environmental variable is set (authme=1). This works fine!
I expect then that authentication is required (Deny from env=authme) if p=1 is present in query string.
All this stuffs works wonderfully if a call from the browser the main the index file (in my case index.php), but does not work at all if a call an other file in the same directory.
Environmental variable is correctly set (I can check it with PHP), but no authentication is required.
I really can not understand why. Any help will be appreciated!
More info can be found here
Do you have any other rewrite rules after this one? Have you tried making it a last [L] rule? Also have you tried in a second browser that has never authenticated on any urls?