htaccess redirect wp-json based on cookie

[rx3mer]

Hi all,

I've done something similar with my wp-content folder where I protect the files from being downloaded if you are not logged in and everything works just fine.

With the following code I am trying to say:

• #if the user doesen't have the cookie "wordpress_login_in"
• # and the url is wp-json ...
• # redirect to google

RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*wp-json/wp/v2/(users|comments|posts|pages|media|types|statuses|taxonomies|categories|tags|settings) [NC]
RewriteRule ^ http://www.google.com [NC,L]

Can anybody tell me why the script doesn't work? I am still seeing the JSON file 

(i have tried redirects from files and folders and everything seems okay. I've also tried creating wp-json folder but then that breaks the api from displaying)

[requinix]

Don't redirect. Just give a normal 403 error.

Better yet, use WordPress's authentication mechanism instead of doing it yourself.

[rx3mer]

3 hours ago, requinix said:

Don't redirect. Just give a normal 403 error.

Better yet, use WordPress's authentication mechanism instead of doing it yourself.

I will give the 403 error a try. Unfortunatly I need it done using .htaccess

I just cant figure out why the redirect wouldnt work

[requinix]

It seems fine to me.

Are you sure you're not logged in? And more that the cookie does not exist? Try with a fresh incognito/private browser window.

[rx3mer]

I've checked the cookies and I've tried cleaning the browser cookies/history a thousand times. I was woundering if it's something to do with the Apache configuration, but htaccess does work and I am able to restrict files and folders. As you know "/wp-json" folder doesen't exist on the server as it's just the API endpoint ?

I will try a different server tomorrow and see how it goes

Edited November 29, 2018 by rx3mer