logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: restricting linking from within the same domain
Author
novadoft



Joined: 03 Jul 2006
Posts: 4
Location: home

PostPosted: Fri 07 Jul '06 4:07    Post subject: restricting linking from within the same domain Reply with quote

hi, i have a login page, https://localhost/login.html and i want to restrict access from everyone into my private directory in https://localhost/private/

the only way a user to access the pages in the private directory is to log-in from login.html

i read up tutorials on setting the .htaccess and other stuff about preventing hotlinking but it does not work. right now, it just blocks everything, including the link from login.html

i had setted up an apache 2.2.2 server now.
what i had done:

in the httpd.conf file, i had changed 'AllowOverride All' for directives that may be placed in .htaccess files.

and in the .htaccess file:

RewriteEngine on
#RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https://localhost/ [NC]
RewriteRule \.(html|XML|php|txt)$ /blank.html [F]

in the code above, i don't want anybody to just enter the link and access the page (line 2 which is commented out), i want only linking from https://localhost/ to go through, and line4, for all those requests to go to blank.html

i think there are syntax errors as well as things i am missing out...

pls advice..

thank you!!

damon
Back to top
novadoft



Joined: 03 Jul 2006
Posts: 4
Location: home

PostPosted: Fri 07 Jul '06 8:08    Post subject: some improvements.. Reply with quote

after some google-ing, i found some sites and my .htaccess has changed to:

SetEnvIfNoCase Referer "^https://localhost/" local_ref=1
<FilesMatch "\.(html|js|php|XML|txt)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>


I know it worked somehow when i couldn't directly access those files in my private directory by entering the filepath on the address bar. It gives a HTTP Error 403 - Forbidden.

However, when my own page links to the pages in the private folder, it gives a HTTP Error 404 - file not found.

I wonder what went wrong. I thought in my .htaccess, I had already let the localhost be an allowed referer?

pls advice

damon
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Fri 07 Jul '06 14:06    Post subject: Reply with quote

Good article about hotlinking with mod_rewrite can you find at: http://rewrite.drbacchus.com/rewritewiki/ImageTheft

Be ware that it is not 100% proof. When you direct go to your site (Direct address / Bookmarks ) then there is no HTTP_REFERER

Steffen
Back to top
novadoft



Joined: 03 Jul 2006
Posts: 4
Location: home

PostPosted: Mon 10 Jul '06 2:46    Post subject: if I strictly want a referrer? Reply with quote

hi, lets say i've a directory of files that I do not want other people who happen to know the link to directly access it, and the only way to access it is from a link from my website (after a login)... what are the ways to do it (not restricting to changing settings in apache)?

thanks for your reply..
Back to top


Reply to topic   Topic: restricting linking from within the same domain View previous topic :: View next topic
Post new topic   Forum Index -> Apache