I need help with htaccess

I want allow access to a page only if the user comes from a specific url

A website with two HTML pages, A and B.
Both can be accessed by typing the URL, of course.
However, can I disallow any access to page B, and only allow it if the user is coming from page A? As in, a link in page A that redirects to page B.

is this possible even if page A is in a different directory than page b?

I found this snippet of code but it gives me an 500 internal server error


RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/A.html$
RewriteRule B.html - [F,NC]

thank you for help

The above snippet is correct and should work

Can you post the complete .htaccess file?

Hi
Yes the snippet is correct!
I found out why it didn't work. It was my fault. I wrote all the code in one line. a line break after the $ sign was the solution :)

Thank You

I want allow access to a page only if the user comes from a specific url…

Keep in mind that, while this will work under ideal circumstances, it is not reliable. The referer header is send by the client (browser) and is easily spoofed. In addition, it is not unusual for it to be changed as a request is passed from server to server, and some browsers omit it altogether. If you are trying to address a security concern (or anything else that is important), it is not a suitable solution.

To add to what traq said:

Both can be accessed by typing the URL, of course.
However, can I disallow any access to page B, and only allow it if the user is coming from page A? As in, a link in page A that redirects to page B.
There are three types of requests:
1. From page A (or your domain, or whatever is the "right" location).
2. From page B (or another domain, or whatever is the "wrong" location).
3. From NO PAGE (such as typing in the URL by hand).

You would need to decide what to do with each. You can do (1) and (2) easily enough if you want. But the problem is (3).

(3) will occur for:
i) No referrer-- when someone types in the URL manually or when they have it set as their homepage, and so forth.
ii) When a browser doesn't sent referrer information.
iii) When someone hides their referrer information.

Because of (iii) [and (ii)] you can't use this for security by blocking only (2) above (as traq said), and because of (i) and (ii) you cannot use this for security by only allowing (1) above.

There is no good solution, unfortunately.