Advanced Search

Results 1 to 5 of 5

Thread: allow access to a HTML page only if the user comes from a specific url with htaccess

  1. #1
    Join Date
    Jul 2007
    Posts
    18
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Default allow access to a HTML page only if the user comes from a specific url with htaccess

    I need help with htaccess

    I want allow access to a page only if the user comes from a specific url

    A website with two HTML pages, A and B.
    Both can be accessed by typing the URL, of course.
    However, can I disallow any access to page B, and only allow it if the user is coming from page A? As in, a link in page A that redirects to page B.

    is this possible even if page A is in a different directory than page b?

    I found this snippet of code but it gives me an 500 internal server error

    Code:
    RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/A.html$
    RewriteRule B.html - [F,NC]
    thank you for help

  2. #2
    Join Date
    Dec 2013
    Posts
    2
    Thanks
    0
    Thanked 1 Time in 1 Post

    Default

    The above snippet is correct and should work

    Can you post the complete .htaccess file?

  3. The Following User Says Thank You to nvedia For This Useful Post:

    Marquis (12-31-2013)

  4. #3
    Join Date
    Jul 2007
    Posts
    18
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Default

    Hi
    Yes the snippet is correct!
    I found out why it didn't work. It was my fault. I wrote all the code in one line. a line break after the $ sign was the solution

    Thank You

  5. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by Marquis View Post
    I want allow access to a page only if the user comes from a specific url…
    Keep in mind that, while this will work under ideal circumstances, it is not reliable. The referer header is send by the client (browser) and is easily spoofed. In addition, it is not unusual for it to be changed as a request is passed from server to server, and some browsers omit it altogether. If you are trying to address a security concern (or anything else that is important), it is not a suitable solution.
    We Only Torture the Folks We Don't Like (You're Probably Gonna Be Okay)
    It's a Party in the CIA

  6. #5
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,156
    Thanks
    262
    Thanked 690 Times in 678 Posts

    Default

    To add to what traq said:
    Both can be accessed by typing the URL, of course.
    However, can I disallow any access to page B, and only allow it if the user is coming from page A? As in, a link in page A that redirects to page B.
    There are three types of requests:
    1. From page A (or your domain, or whatever is the "right" location).
    2. From page B (or another domain, or whatever is the "wrong" location).
    3. From NO PAGE (such as typing in the URL by hand).

    You would need to decide what to do with each. You can do (1) and (2) easily enough if you want. But the problem is (3).

    (3) will occur for:
    i) No referrer-- when someone types in the URL manually or when they have it set as their homepage, and so forth.
    ii) When a browser doesn't sent referrer information.
    iii) When someone hides their referrer information.

    Because of (iii) [and (ii)] you can't use this for security by blocking only (2) above (as traq said), and because of (i) and (ii) you cannot use this for security by only allowing (1) above.

    There is no good solution, unfortunately.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

Similar Threads

  1. .htaccess forbidden access need a rewrite
    By sniperman in forum JavaScript
    Replies: 1
    Last Post: 04-21-2011, 03:50 AM
  2. non www cannot access other page .htaccess
    By robert_gsfame in forum Other
    Replies: 2
    Last Post: 08-28-2010, 01:57 AM
  3. Replies: 1
    Last Post: 07-12-2010, 11:35 PM
  4. HTACCESS Question About Restricting Access
    By smitsmah in forum Dynamic Drive scripts help
    Replies: 1
    Last Post: 03-13-2009, 02:21 PM
  5. .htaccess directory access
    By CoolD78 in forum JavaScript
    Replies: 0
    Last Post: 03-03-2008, 05:56 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •