
Apache (2.4) RequireAny with REQUEST_URI


I've been trying to get this working and don't know where it's going wrong.

In the apache config I have the following section:

<Directory /var/www/html/>
  AuthType Kerberos
  AuthName "Login"
  KrbMethodNegotiate on
  KrbMethodK5Passwd on
  KrbAuthRealms EXAMPLE.LOCAL
  KrbServiceName HTTP/example.local@EXAMPLE.LOCAL
  Krb5KeyTab /etc/httpd/conf/http.keytab
  <RequireAny>
      Require valid-user
      Require local
      Require ip 192.168.2.190
      Require expr %{REQUEST_URI} =~ m#/my/InvalidCredentials#
      Require expr %{REQUEST_URI} =~ m#/my/PublicPage/*#
  </RequireAny>
</Directory>

The pages I'm trying to exclude from the authentication are like this:

All but the Require expr statements are working. The expressions must be wrong, but I have no idea what is wrong with them.


Solution

  • I believe you should try with "If" instead, before the RequireAny, like this:

    <If "%{REQUEST_URI} =~ m#(/my/InvalidCredentials$|/my/PublicPage/)#">
        Require all granted
    </If>
    <Else>
        <RequireAny>
            # all checks except the Require expr lines
            Require valid-user
            Require local
            Require ip 192.168.2.190
        </RequireAny>
    </Else>
    

    For me it looks simpler, more coherent and for me it works this way.

    About your check, I am not really sure why it doesn't work. All the examples in the docs enclose expr with quotes, but I'm not sure it's just that. I hope this other option helps.

    In any case here is the link for Require expr examples for quicker reference: Require expr
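The following is an added example, not part of the original question or answer. It checks which request paths each pattern on this page would exempt from Kerberos authentication, since `=~` is an unanchored match. The sample URIs and the start-anchored pattern are assumptions constructed for illustration.

```python
import re

# Patterns copied from the page (the text between the m#...# delimiters).
QUESTION_PATTERNS = [r"/my/InvalidCredentials", r"/my/PublicPage/*"]
ANSWER_PATTERNS = [r"(/my/InvalidCredentials$|/my/PublicPage/)"]
# Assumption (not from the page): the answer's pattern anchored at the start.
ANCHORED_PATTERNS = [r"^/my/(InvalidCredentials$|PublicPage/)"]

# Constructed sample request paths: two intended public pages, four others.
SAMPLES = [
    "/my/InvalidCredentials",
    "/my/PublicPage/index.html",
    "/my/PublicPageAdmin",
    "/my/InvalidCredentials/export",
    "/admin/my/PublicPage/x",
    "/my/Private",
]


def is_exempt(patterns, uri):
    """True if any pattern matches anywhere in the path.

    The =~ operator succeeds on a match at any position unless the
    pattern carries ^ or $, which is what re.search does as well.
    """
    return any(re.search(p, uri) for p in patterns)


def exempt_paths(patterns, uris=SAMPLES):
    """Return the sample paths that would skip authentication."""
    return [u for u in uris if is_exempt(patterns, u)]


if __name__ == "__main__":
    for name, pats in (
        ("question", QUESTION_PATTERNS),
        ("answer", ANSWER_PATTERNS),
        ("anchored", ANCHORED_PATTERNS),
    ):
        print(f"{name:9s} exempts: {exempt_paths(pats)}")
```

In the question's second pattern, `/*` means "zero or more slashes", so it also matches `/my/PublicPageAdmin`. The answer's pattern fixes that but still matches when the public prefix appears deeper in the path.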