CODEWITHSUNDEEP
apache.htaccesshttpslamp
user371051
user371051

Reputation: 39

Authorizing access through htaccess with both http and https

I've searched for solutions and not finding a clear answer - It's a little out of my field but I need to find an answer in a pinch.

I use an .htaccess to verify and allow access to certain webpages from outside links. here's a sample of what I use:

AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.website_abc.com/
RewriteCond %{HTTP_REFERER} !^http://www.website_xyz.com/

RewriteRule /* http://www.mysite.com/denied_message.php [R,L]

this works as I want it to - I list the sites that I want to access and park .htaccess in a root directory.

My problem is when someone is linking from HTTPS it block's them even if they are in the list (and I tried putting https in the list as well). I found various answers but none that I fully understood or that did the trick.

one was using :

RewriteCond %{HTTPS} on

but that allowed anyone in from any location.

Can someone spell this out for me?

apache / LAMP

Thanks!

Upvotes: 0

Views: 947

Answers (1)

Jon Lin
Jon Lin

Reputation: 143886

RewriteCond %{HTTPS} on

This adds a condition that the actual request for your site is through HTTPS. You only want to match the referer. I'm not sure what you've tried as far as adding https:// versions of what you have in your referer checks, but this works when I put them in a blank htaccess file:

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.website_abc.com/
RewriteCond %{HTTP_REFERER} !^http://www.website_xyz.com/
RewriteCond %{HTTP_REFERER} !^https://www.website_abc.com/
RewriteCond %{HTTP_REFERER} !^https://www.website_xyz.com/

RewriteRule /* http://www.mysite.com/denied_message.php [R,L]

Upvotes: 2

Related Questions