I have a website which is protected by Allow from
IP filter but there is one specific subset of URLs which I would like to be open for everyone.
dev.someweb.com
should be available only from specific IP addresses
dev.someweb.com/api/v1/<anything here>
should be available to everyone and with all methods - GET, POST etc.
Here is my current httpd.conf example:
<VirtualHost *:80>
DocumentRoot /home/webroot/devsite/public
ServerName dev.someweb.com
<Directory /home/webroot/devsite/public>
SetEnvIf REQUEST_URI "/api/v1/" allowapi=1
Order deny,allow
Deny from all
Allow from 192.168.1.0
Allow from env=allowapi # this does not work, dev.someweb.com/api/v1/someresource still fails with 403 if accessing from another IP
AllowOverride All
</Directory>
ErrorLog /home/webroot/devsite/tmp/log/error_log
</VirtualHost>
I tried moving SetEnvIf to different places - still it does not work, dev.someweb.com/api/v1/someresource
is always forbidden outside of 192.168.1.0
Just in case - I'm restarting Apache after all changes and I do not see any errors in its log file.
What am I doing wrong?