Redirect incoming URL request between basic authentication and openidc in apache

Question

Redirect incoming URL request between basic authentication and openidc. I want to categorize if the request for URL is coming from "wget/curl" then i need it to get authenticated with Basic authentication and if the user input is from browser then i need to re-direct for openidc.

New to Apache and learning, tried the below and stuck creating a Rewriterule

ServerName www.domain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/Domain

<if %{QUERY_STRING} = 'wget'>
    <Directory /var/www/wget-curl>
            RewriteEngine On
            RewriteCond "%{QUERY_STRING}" "wget"
            Rewriterule
    AuthType Basic
                AuthName " Wiki Basic Credentials"
                AuthBasicProvider file
                AuthUserFile /etc/apache2/.htpasswd
                Require valid-user
            </Directory>
</if>

<Else "%{HTTPS} == 'on'">
        <Directory /var/www/openidc>
                Options +FollowSymLinks +Indexes
    IndexOptions FancyIndexing HTMLTable
                AuthType openid-connect
                Require valid-user
    AllowOverride all
    </Directory>
</Else>

Answer 1

I think you're testing the wrong thing. %{QUERY_STRING} is the part of the URL after the ?. The user's browser is specified in the User-Agent header. You can test it like this:

<If "%{HTTP_USER_AGENT} =~ /wget|curl/">
...
</If>

See Expressions. There's also BrowserMatch, which lets you set environment variables based on the value of the User-Agent header.

Note that the client can freely set the User-Agent header to any value it wants, so be sure your security doesn't depend on that value.

Also, your configuration sets directives in different directories based on the browser, but it doesn't make those directories be used in answering the request. You may need to also set DocumentRoot in each section.