11-17-2005, 08:54 PM
Hi, hope i am posting this in the right section.
However i am wondering if it is possible to only ALLOW access from a certain referrer. basically, i would like all requests to a file to be denied unless it is linked from a specific website, or at least a specific domain. is this possible to do using htaccess or any other method?
thanks in advance
11-17-2005, 10:45 PM
SetEnvIf Referer "^http://example.com/" let_me_in
# Remember that the referer isn't always sent. The following line lets
# them in too, if you don't want this, comment it out with a #
SetEnvIf Referer "^$" let_me_in
Deny from all
Allow from env=let_me_in
You can change "^http://example.com/" to your URL, if you want to only allow a certain URL like http://example.com/page.html put a $ before the last " ("^http://example.com/page.html$").
Edit: this page (http://httpd.apache.org/docs/1.3/env.html) has more information.
Edit2: forgot "let_me_in" after SetEnvIf Referer "^$".
11-17-2005, 11:35 PM
wow! thanks for the fast reply! i will try this now and let you know how it goes.
11-18-2005, 12:56 AM
after i figured out the url formatting, this is working great! I can't thank you enough.
11-18-2005, 09:24 PM
Hi, that solution is still working great, but i have another unrelated question also about htaccess. I read in the tutorial that the htaccess file will apply itself to all subfolders by default. However it also says that if you put a different htaccess file into a subfolder, that it is this htaccess file that should take priority (within that subfolder).
I have a folder called 'media' which is password protected using htaccess. this is working fine. however, i am puting some subfolders into the 'media' folder which i dont want password protected at all. For these folders i have put a new htaccess file into them without the code requiring authorization. however when i try to access these folders i still am prompted for a password based on the htaccess file in the 'media' folder.
What am i doing wrong?
11-18-2005, 10:03 PM
When you say you put a different htaccess file in the sub-folders, did you just put a blank htaccess file in the sub-folder, or did you add an Allow all line to the new file?
11-19-2005, 12:05 AM
I did not add any allow lines, and maybe this is the problem. I just put in a htaccess file that had some other unrelated commands but which had nothing in it about authorizations.
What would the line(s) look like that re-authorized all users to access the folder?
11-19-2005, 12:45 AM
When i had a go at this i couldn't find any way to re-authorize access. This is possibly because .htaccess files are read for root to current directory, so the authentication is sent before the server gets to the last .htaccess file (more info: http://httpd.apache.org/docs/2.0/howto/htaccess.html#when somewhere in that section). It might be possible though...
11-19-2005, 05:52 PM
Try the following:
<Limit GET POST>
allow from all
I wanted to use a 'deny from none' statement, but as far as I know it doesn't exist. In fact putting it into htaccess can cause an undesirable delay as Apache tries to resolve the address of the URI 'none'.
The above code should allow your lower level folders access by anyone.