Hi, hope i am posting this in the right section.
However i am wondering if it is possible to only ALLOW access from a certain referrer. basically, i would like all requests to a file to be denied unless it is linked from a specific website, or at least a specific domain. is this possible to do using htaccess or any other method?
SetEnvIf Referer "^http://example.com/" let_me_in
# Remember that the referer isn't always sent. The following line lets
# them in too, if you don't want this, comment it out with a #
SetEnvIf Referer "^$" let_me_in
Deny from all
Allow from env=let_me_in
You can change "^http://example.com/" to your URL, if you want to only allow a certain URL like http://example.com/page.html put a $ before the last " ("^http://example.com/page.html$").
Hi, that solution is still working great, but i have another unrelated question also about htaccess. I read in the tutorial that the htaccess file will apply itself to all subfolders by default. However it also says that if you put a different htaccess file into a subfolder, that it is this htaccess file that should take priority (within that subfolder).
I have a folder called 'media' which is password protected using htaccess. this is working fine. however, i am puting some subfolders into the 'media' folder which i dont want password protected at all. For these folders i have put a new htaccess file into them without the code requiring authorization. however when i try to access these folders i still am prompted for a password based on the htaccess file in the 'media' folder.
What am i doing wrong?
When i had a go at this i couldn't find any way to re-authorize access. This is possibly because .htaccess files are read for root to current directory, so the authentication is sent before the server gets to the last .htaccess file (more info: http://httpd.apache.org/docs/2.0/how...cess.html#when somewhere in that section). It might be possible though...
<Limit GET POST>
allow from all
I wanted to use a 'deny from none' statement, but as far as I know it doesn't exist. In fact putting it into htaccess can cause an undesirable delay as Apache tries to resolve the address of the URI 'none'.
The above code should allow your lower level folders access by anyone.