
I am trying to create a RewriteRule which looks at the incoming header for an APIKey and, if it contains a matching string, redirects to the respective URL; otherwise, it should be inaccessible.

I am testing this scenario using Postman with the POST method.

Please find my code below:

RewriteEngine On
RewriteCond %{REQUEST_URI}  ^/manager/(.*)
RewriteCond %{REQUEST_URI}  ^/manager/secure/rest/groovy-service-invoke/v2/demo/firewall-test/v0.1.0/(.*)$
RewriteCond %{ENV:APIKEY}   ^ABCD123456789$
RewriteRule .* - [E:APIKEY=ABCD123456789]
MrWhite

1 Answer


To block access (i.e. 403 Forbidden) to any URL-path that starts /manager/ when the HTTP request header APIKey is not supplied with the specific value (e.g. ABCD123456789) you can use the following mod_rewrite rule:

RewriteEngine On

RewriteCond %{HTTP:APIKey} !=ABCD123456789
RewriteRule ^/?manager/ - [F]

:
RewriteCond %{ENV:APIKEY}   ^ABCD123456789$
RewriteRule .* - [E:APIKEY=ABCD123456789]

This isn't actually doing anything. It sets the environment variable APIKEY to the value ABCD123456789 but only when the env var APIKEY is already set to that value!

MrWhite
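
The following Python sketch is an added example, not code from the question or the answer. It models how the two rule sets above decide on a request, assuming simplified mod_rewrite semantics: the rule pattern is tested first, conditions are ANDed, header names are looked up case-insensitively, and `!=` is an exact, case-sensitive comparison. The function names and sample requests are constructed for illustration.

```python
import re

API_KEY = "ABCD123456789"  # sample key from the page

def http_header(headers, name):
    """Model of %{HTTP:name}: case-insensitive name lookup, '' when absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")

def answer_blocks(path, headers):
    """Model of: RewriteCond %{HTTP:APIKey} !=ABCD123456789
                 RewriteRule ^/?manager/ - [F]"""
    # The rule pattern is matched first; ^/? covers both server context
    # (leading slash) and .htaccess context (no leading slash).
    if not re.search(r"^/?manager/", path):
        return False
    # "!=" is an exact, case-sensitive string comparison, negated.
    return http_header(headers, "APIKey") != API_KEY

def question_blocks(path, headers, env=None):
    """Model of the question's rules: three ANDed conditions, then [E:...]."""
    env = dict(env or {})  # request headers are never copied into env
    matched = bool(
        re.search(r"^/manager/(.*)", path)
        and re.search(r"^/manager/secure/rest/groovy-service-invoke/v2/demo/firewall-test/v0.1.0/(.*)$", path)
        and re.search(r"^ABCD123456789$", env.get("APIKEY", ""))
    )
    if matched:
        env["APIKEY"] = API_KEY  # E flag only sets a variable
    return False  # no [F] flag anywhere, so nothing is ever denied

# Constructed sample requests: (path, headers)
SECURE = "/manager/secure/rest/groovy-service-invoke/v2/demo/firewall-test/v0.1.0/run"
REQUESTS = [
    (SECURE, {}),                           # header missing
    (SECURE, {"APIKey": "wrong"}),          # wrong value
    (SECURE, {"APIKey": "abcd123456789"}),  # value differs in case
    (SECURE, {"apikey": API_KEY}),          # header name differs in case
    ("manager/app", {}),                    # .htaccess-style path
    ("/public/index.html", {}),             # outside /manager/
]

def decisions(rule):
    """Return the blocked/allowed decision of `rule` for each sample request."""
    return [rule(path, headers) for path, headers in REQUESTS]

if __name__ == "__main__":
    for (path, headers), a, q in zip(REQUESTS, decisions(answer_blocks), decisions(question_blocks)):
        print(f"{path!r} {headers} answer_403={a} question_403={q}")
```

In this model the answer's rule denies every /manager/ request except the one carrying the exact key value, while the question's rules deny none of them.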