Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New to the CF scene
    Join Date
    Sep 2011
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts

    .htaccess restricted to specific url referrer

    Hi,

    I have been trying to get this to work for a few hours now. I've searched online and found various methods, but none have worked for me.

    Basically, I have a directory that I don't want outside access to (it will have audio download files in it). It is part of a username and password protected directory and I only want logged in users to have access.

    The directory I want protection on is:
    www.mysite.com/kit/media_files/

    The referring page I want to allow access from is:
    www.mysite.com/kit/index.php

    If someone tries to access any of the files in the kit/media_files directory, I want them redirected to kit/index.php.

    Here is my latest try, which didn't work. This .htaccess file is in the kit/media_files directory. I also wondered if I should place this code into the main .htaccess file, or should it be in a specific file just for this directory? I tried both and neither work.

    Code:
    RewriteEngine on
    RewriteBase /
    RewriteCond %{HTTP_REFERER} !^http://mysite\.com\.kit/index.php [NC]
    RewriteCond %{HTTP_REFERER} !^http://www\.mysite\.com\.kit/index.php [NC]
    RewriteRule ^.*$ http://mysite.com.kit/index.php [R=301,L]
    If there is a better way to restrict access to this folder to the outside public I'm open to try anything. I just want to make sure only registered users can get into these files.

  • #2
    New Coder
    Join Date
    Jul 2011
    Posts
    67
    Thanks
    0
    Thanked 13 Times in 13 Posts
    Why are you redirecting to and comparing against .com.kit, unless this is some kind of new TLD I'm not aware (and it sounds like it's just a folder in your case), then that's definitely at least part of your problem.

  • #3
    New to the CF scene
    Join Date
    Sep 2011
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts
    No, I'm trying to only allow access to visitors that come from www.mysite.com/kit/index.php

    I don't understand the syntax for .htaccess code, and I'm sure that's my problem in this whole thing. I've seen many examples online that use /\ inbetween addresses and many that don't use any slashes, but I haven't been able to get either to work.

    I'm just hoping someone can show me the correct usage of the code.

  • #4
    New Coder
    Join Date
    Jul 2011
    Posts
    67
    Thanks
    0
    Thanked 13 Times in 13 Posts
    There's nothing too magical about mod_rewrite, you just need some fundamental Regex knowledge. In your case you are simply attempting to match a URI, so you just put in the URL, the only special case is the full stops in the path. A full stop character in regex means (put basically) match anything. To stop it having that meaning and simply mean match a full stop you escape it with a backslash.

  • Users who have thanked Cags for this post:

    shaunmacie (09-06-2011)

  • #5
    New to the CF scene
    Join Date
    Sep 2011
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Okay, so I'm a step closer, but it's not handling the redirect function correctly when I come from my intended page. When I'm on the index.php page, I want to have access to the directory and link to audio files that will be in it. No matter what url I'm coming from, it's redirecting me out to the RewriteRule url (aka -not letting me in when accessed from the allowed referer like I want it to, index.php). So, something is wrong in the referer line where it's not seeing that I'm coming from that page.

    I am completely unfamiliar with coding custom .htaccess files....as you can tell...

    Code:
    RewriteEngine on
    RewriteBase /
    RewriteCond %{HTTP_REFERER} !^http://mysite.com/kit/index.php [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/kit/index.php [NC]
    RewriteRule ^.*$ http://mysite.com/kit/ [R=301,L]
    Last edited by shaunmacie; 09-06-2011 at 04:44 PM.

  • #6
    New Coder
    Join Date
    Jul 2011
    Posts
    67
    Thanks
    0
    Thanked 13 Times in 13 Posts
    Have you tried a different browser? As a general rule I always test using R=302, because you browser can cache the 301 redirect, so even when you might have the right solution, you don't realise because the redirect for the original request has been cached by your browser and as such is never hitting your server.

    In theory a request for mysite.com/kit/somefile.extension should get redirected to the kit folder unless the referrer matches one of those two strings.

    In answer to your original question though, there are better ways of achieving this. A simple one is to set a cookie on their computer when they log in. Then redirect the request if it doesn't have a cookie attached to it.

    Code:
    RewriteCond %{HTTP_COOKIE} !somecookie=([^;]+)
    RewriteRule .* http://mysite.com/login.php [R=302,L]

  • #7
    New to the CF scene
    Join Date
    Sep 2011
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Restricting it with a cookie worked like a dream! I don't care how it works, as long as it does!



    Thanks for the insight!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •