To reduce spam, my website has the following in .htaccess:
GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE AU AllowCountry
Deny from all
Allow from env=AllowCountry
However, Facebook now complains it can't access my site's privacy policy page https://www.example.com/privacy.php - it receives a 403.
Facebook needs access to this page to keep the login with Facebook feature compliant with privacy laws.
How do I whitelist this URL from the GEO block above, please?
To whitelist that particular URL you could just set the AllowCountry env var when that URL is requested. For example:
SetEnvIf Request_URI "^/privacy\.php$" AllowCountry
Aside: Although why does FB need to access your "privacy policy page"? And why is it seemingly only complaining about that one URL?