Apache 2.4: Require (allow) either (mod_auth_basic) valid-user or a specific query string


  • Apache 2.4
  • you have set up your htpasswd file in /path/to/.htpasswd
  • the alternative, secret query parameter for access is secret_access_parameter

To make it work, add these lines to the appropriate section of your Apache vhost configuration:

Require all denied
  Require valid-user
  Require expr "%{QUERY_STRING} =~ /secret_access_parameter/"
AuthType Basic
AuthName "Authorization required"
AuthUserFile /path/to/.htpasswd