Limit access to an URL with query parameters

Question

I need that an URL is accessible only for some defined users. In the URL there is a query parameter and that is the discriminator.

The URL could be something like this:

https://my.my.com/my-app/view/myView.xhtml?myQueryParam=allUsers

My experience in such apache configurations is ~ 0 and googling a little I could set up this:

RewriteEngine on
RewriteCond %{QUERY_STRING} myQueryParam=allUsers
RewriteRule "/my-app/view/myView[.]xhtml.*" - [E=no_auth_required:1]

<LocationMatch "/my-app/view/myView[.]xhtml.*">

               Require uniqueID user1ID user2ID

</LocationMatch>

Between xhtml and ? could come additional strings too, therefor the .*.

This works but the problem is that it also denies the access for ex. to the link

https://my.my.com/my-app/view/myView.xhtml?myQueryParam=somethingElse

It seems that it doesn't bother the value of the query parameter...

What do I miss?

EDIT: I forgot to say that I use Apache 2.2.

Answer 1

^{Provided solution is for Apache v2.4}

Check env variable value by an If directive within a Location* directive:

RewriteCond %{QUERY_STRING} myQueryParam=allUsers
RewriteRule . - [E=no_auth_required:1]

<Location "/my-app/view/myView.xhtml">
    <If "reqenv('no_auth_required') == 1">
        Require uniqueID user1ID user2ID
    </If>
</Location>