Jump to content
modaven

.htaccess - Allow Only By Referer

Recommended Posts

Good afternoon-

 

I have browsed the forums as well as the web looking for an answer to this question. Hope someone out there can help.

 

I need to create a .htaccess file that will only allow the files in the folder to be seen if the "referer" is from a particular site (or possibly two sites). I have found a lot of solutions out there for people who want to block specific sites, but I can't seem to figure out how to only allow specific sites. I have done some trial and error based on some of the things I have found, but with no luck.

 

Any ideas?

 

Thanks in advance!

 

David

Share this post


Link to post
Share on other sites

Hi David,

 

Welcome to the forums :)

 

I haven't tested it, but try;

>RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} !^http://www\.your_domain_name\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.OKdomain1\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.OKdomain2\.com/ [NC]
RewriteRule ^.*$ http://www.your_domain_name.com/not_allowed_here.htm [R=301,L]

 

or I'd try something along those lines anyway - with the not_allowed_here.htm being a page I redirected all those I don't want to.

Share this post


Link to post
Share on other sites

Thanks, Andy! I'll give that a try this evening after I take the little one out for some trick-or-treating. That way I'll be good an hopped up on sugar when I try it out! :)

Share this post


Link to post
Share on other sites
Hi David,

 

Welcome to the forums :)

 

I haven't tested it, but try;

>RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} !^http://www\.your_domain_name\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.OKdomain1\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.OKdomain2\.com/ [NC]
RewriteRule ^.*$ http://www.your_domain_name.com/not_allowed_here.htm [R=301,L]

 

or I'd try something along those lines anyway - with the not_allowed_here.htm being a page I redirected all those I don't want to.

 

So I have been trying different variables of the above for a couple days not with no luck. I can get the page to redirect to the "not_allowed_here", but everything goes there, even the request from the referer I want. Here's what I am using, but is not working...

 

>RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} !^http://www\.yahoo\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.google\.com/ [NC]
RewriteRule ^.*$ http://www.totalchoicehosting.com [R=301,L]

 

The site I am trying to get to is www.vzbmarketcenter.com. Based on what I have above, I would think that anything coming from yahoo.com, www.yahoo.com, google.com or www.google.com would be able to get through, but anything else would go to www.totalchoicehosting.com. I also tried getting rid of the "\"'s, but got the same results.

 

Sorry, I am not up on the syntax of this, which is probably my problem.

 

Any thoughts?

 

Thanks again!!!

 

David

Share this post


Link to post
Share on other sites

Hi David,

 

You would need to include your own domain name in the list (otherwise you won't be able to link from one page to another ....) I also suspect you will also need to include a blank (or no refferer) since if you type it in your browser it does not have any refferer.

Share this post


Link to post
Share on other sites

Andy-

 

Thanks again! It was the fact that I was missing my own URL that was keeping it from working. I left the referer = "blank" out because I don't want people to be able to type in the URL, they have to come from the site on the list.

 

Thanks again!!!

 

David

Share this post


Link to post
Share on other sites

Hi David,

 

One problem you will have is that some versions of norton no longer give a referrer as a header, and hence you will not be able to block them, joys of the internet!

 

JimE

Share this post


Link to post
Share on other sites
It's not only Norton that can block refers.

 

Yeah, it is my customer that is requiring that we limit the site to only be accessible by people coming from their site, and this is the only way I know of doing that. So seems that it is what it is.

 

Thanks again, all!

 

David

Share this post


Link to post
Share on other sites

Basically you'll have to make it so th escript only allows if the referer is the allowed site or if it is blank.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...