I only want to make my website accessible if a certain header (auth-token) with a certain value (test) is transmitted. For this I have already created a .htaccess file and added the code below to it.
The problem is that the website can no longer be reached at all, even if the corresponding header is given. It always says that I have no permission to access this server.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
RewriteEngine on
RewriteCond %{HTTP:auth-token} ^test$
RewriteRule .? - [E=headerok]
Order allow,deny
Deny from all
Allow from env=headerok
This is how the Chrome Developer Console responds:
I know that this kind of protection is not really secure, but for my purposes this is sufficient.
Can someone please help me with this problem?
Best Answer
If you're using Apache 2.4, you should consider using the new (Require) access control methods instead of the 2.0/2.2 (Allow/Deny) methods. 2.4 provides a backwards compatibility module for now, but I expect that to go away at some point.
The Apache 2.4 access control documentation suggests that you should be able to accomplish this with:
There's also an example on that page using mod_rewrite which is more similar to the approach in the question, but:
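An added example, not part of the original answer: the question's 2.2-style block next to a 2.4-style equivalent that uses SetEnvIf and Require env. It assumes mod_setenvif and mod_authz_core are loaded and that AllowOverride permits FileInfo and AuthConfig for this .htaccess file.

```apache
# Added example for Apache 2.4; not code from the question or the answer.

# The question's 2.2-style block, kept here as comments for comparison:
#   RewriteCond %{HTTP:auth-token} ^test$
#   RewriteRule .? - [E=headerok]
#   Order allow,deny
#   Deny from all
#   Allow from env=headerok
#
# Two reasons this rejects every request:
#  1. With "Order allow,deny" a matching Deny overrides any Allow,
#     so "Deny from all" always wins.
#  2. In .htaccess context RewriteRule runs in the fixup phase, which comes
#     after the access check, so headerok is not yet set when it is tested.

# SetEnvIf inspects request headers before access control is evaluated.
# The variable is set only when the header value is exactly "test".
SetEnvIf auth-token "^test$" headerok

# 2.4-style access control: allow the request only if headerok is set.
Require env headerok
```

Browser CORS preflight (OPTIONS) requests do not carry custom headers such as auth-token, so they are rejected by this rule as well.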