SetEnvIf not working on specific URL

Question

I've got a password protected site, and I'm trying to allow a specific URL through so that it works for a Payment callback. The site is built using CakePHP.

The below works great however the Allow from env=allow is just not being taken into account (I've tried with my own IP address too). The setenvif mod is enabled in Apache and the other "Allow from" lines work fine. FYI it's running on Ubuntu on EC2. I've also searched on the site for similar issues and solutions but to no avail.

I've checked the $_SERVER global array in PHP for the "allow" environment variable and it exists so running out of ideas. Any help would be much appreciated!

SetEnvIf Request_URI ^/secure_trading/callback allow=1
SetEnvIf Request_URI ^/secure_trading/callback$ allow=1
SetEnvIf Request_URI "/secure_trading/callback" allow=1
SetEnvIf Request_URI "/app/weboot/secure_trading/callback" allow=1

AuthName "Protected"
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /var/www/domain.co.uk/.htpasswd

Order deny,allow
Satisfy Any
Deny from all
Allow from 127.0.0.1
Allow from env=allow
require valid-user

<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule    ^$ app/webroot/    [L]
   RewriteRule    (.*) app/webroot/$1 [L]
</IfModule>