Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: restricting linking from within the same domain |
|
| Author |
|
novadoft
Joined: 03 Jul 2006
Posts: 4
Location: home
|
 Posted: Fri 07 Jul '06 4:07 Post subject: restricting linking from within the same domain |
 |
|
hi, i have a login page, https://localhost/login.html and i want to restrict access from everyone into my private directory in https://localhost/private/
the only way a user to access the pages in the private directory is to log-in from login.html
i read up tutorials on setting the .htaccess and other stuff about preventing hotlinking but it does not work. right now, it just blocks everything, including the link from login.html
i had setted up an apache 2.2.2 server now.
what i had done:
in the httpd.conf file, i had changed 'AllowOverride All' for directives that may be placed in .htaccess files.
and in the .htaccess file:
RewriteEngine on
#RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https://localhost/ [NC]
RewriteRule \.(html|XML|php|txt)$ /blank.html [F]
in the code above, i don't want anybody to just enter the link and access the page (line 2 which is commented out), i want only linking from https://localhost/ to go through, and line4, for all those requests to go to blank.html
i think there are syntax errors as well as things i am missing out...
pls advice..
thank you!!
damon |
|
| Back to top |
|
novadoft
Joined: 03 Jul 2006
Posts: 4
Location: home
|
| Posted: Fri 07 Jul '06 8:08 Post subject: some improvements.. |
|
|
after some google-ing, i found some sites and my .htaccess has changed to:
SetEnvIfNoCase Referer "^https://localhost/" local_ref=1
<FilesMatch "\.(html|js|php|XML|txt)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
I know it worked somehow when i couldn't directly access those files in my private directory by entering the filepath on the address bar. It gives a HTTP Error 403 - Forbidden.
However, when my own page links to the pages in the private folder, it gives a HTTP Error 404 - file not found.
I wonder what went wrong. I thought in my .htaccess, I had already let the localhost be an allowed referer?
pls advice
damon |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Fri 07 Jul '06 14:06 Post subject: |
|
|
Good article about hotlinking with mod_rewrite can you find at: http://rewrite.drbacchus.com/rewritewiki/ImageTheft
Be ware that it is not 100% proof. When you direct go to your site (Direct address / Bookmarks ) then there is no HTTP_REFERER
Steffen |
|
| Back to top |
|
novadoft
Joined: 03 Jul 2006
Posts: 4
Location: home
|
| Posted: Mon 10 Jul '06 2:46 Post subject: if I strictly want a referrer? |
|
|
hi, lets say i've a directory of files that I do not want other people who happen to know the link to directly access it, and the only way to access it is from a link from my website (after a login)... what are the ways to do it (not restricting to changing settings in apache)?
thanks for your reply.. |
|
| Back to top |
|
|
|
|
|
|
