[users@httpd] Selective authentication based on QUERY_STRING on 2.2

[Jussi Hakkila <ha...@gmail.com>]

I want to achieve selective authentication based on QUERY_STRING on Apache
2.2. using a .htaccess file.

So that eg. http://domain.com/index.php would require authentication, but
.../index.php?authentication=0 would not.

The challenge that I have is that QUERY_STRING does not appear to be
visible to the directives that are processed before the Allow and Deny
directives, such as SetEnvIf. Setting the environment variable via
RewriteRule happens too late for authentication purposes, if I have
understood correctly. Apache 2.4. provides the If clause which has access
to QUERY_STRING, and probably would be useful, but unfortunately I am
locked to 2.2. I understand that using the [F] flag of RewriteRule I could
block access entirely to index.php while allowing access to
index.php?authentication=0, but I am unaware of how to do the same with
authentication.

Any ideas on how to achieve this would be greatly appreciated. Thanks!