0

I'm using the following .htaccess to allow access to my website by IP address:

<Limit GET POST>
 Require all denied
 Require ip x.x.x.x
 Require ip y.y.y.y
</Limit>

I was wondering if it were possible to add an if statement so when a visitor adds a secret value like "?bypass=1" to the URL the IP check is skipped.

Improve this question
4
  • Why prevent access if you're going to allow bypassing restrictions?
    – djdomi
    Commented Jun 29 at 8:51
  • @djdomi Just in case.
    – vespino
    Commented Jun 29 at 9:56
  • 1
    There are no reasonable information technology management practices in a business environment, in my humble opinion.
    – djdomi
    Commented Jun 29 at 17:42
  • @djdomi The question does not include any details on the environment or even the use case. It seems purely a syntax question.
    – Paul
    Commented Jul 10 at 14:17

1 Answer 1

Reset to default
0 
<IfModule mod_rewrite.c>
RewriteEngine On

# Check for the secret bypass parameter
RewriteCond %{QUERY_STRING} bypass=1
RewriteRule ^ - [L]

# If the secret parameter is not present, apply IP restriction
<IfModule mod_authz_core.c>
    <RequireAll>
        Require ip x.x.x.x
        Require ip y.y.y.y
    </RequireAll>
</IfModule>

<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from x.x.x.x
    Allow from y.y.y.y
</IfModule>

</IfModule>

# Fallback if mod_rewrite is not available
<Limit GET POST>
    Require all denied
    Require ip x.x.x.x
    Require ip y.y.y.y
</Limit>
Improve this answer
1
  • Thanks for your effort. mod_rewrite is available, but unfortunately your attempt doesn't work.
    – vespino
    Commented Jul 4 at 10:31

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .