Reputation: 13
.htaccess to restrict access from all except one specific url
I'm using a membership script to allow access to private files by a group of people. The problem is anyone who knows the link to the files can easily bypass the membership script and have direct access to the files. My goal is to prevent direct URL access through http://domain.com/folder1/folder2/index.php and to only accept access from http://domain.com/folder1/file_with_link_to_index.php. The membership script is useless unless I can prevent people typing in the url to the file locations.
I'm having a hard time even beginning to understand Apache but what I was attempting to do was to use "Deny All" and then "Allow from http://folder1/file_with_link_to_index.php." so that access to the files could only be access through the "file_with_link~" only. It didn't work. I was still able to paste the url to the files into the browser and access the directory.
I found similar questions on StackO but not enough experience to understand and actually take the little pieces that were similar to my problem and actually use them. It's probably something simple but I'm so frustrated with trying to figure this out that I can't see it.
Here's a quick example of what I was trying to use:
deny all except those indicated here
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 12.345.67.890
allow from http://domain.com/fold1/LINKING_FILE/program_index.php
</Limit>
I'm pretty sure I'm failing on the way the domain is supposed to be written and maybe that's why it's not working?
Upvotes: 1
Views: 5076
Answers (2)
Reputation: 13
jTheMan was right. There was a better way of tackling this using PHP. My fix for my problem is below just in case it's useful to anyone else. The only awesome addition would be to make the code below allow direct URL access from just one IP, like my own :0)
I added the following file to the "head" or "index" or to the very top of the page that was called first in each application:
//Begin refuse direct URL Connections
$refering=parse_url($_SERVER['HTTP_REFERER']);
if($refering['host']==$_SERVER['HTTP_HOST']){
echo "";
} else {
header("Location: http://www.yourdomain.com");
exit();
}
//End refuse direct URL Connections
Thank you!
Upvotes: 0
Reputation: 7491
I would use another approach to this than by htaccess. Put the files in a directory unreachable for the public web, then use your membership php script to retrieve them.
Upvotes: 1
Related Questions
- Block one specific URL by htaccess
- .htaccess deny access to all except to one file
- Restrict access to specific url htaccess
- Block specific URL in .htaccess
- .htaccess prevent access except one directory
- htaccess deny access specific url but with 1 exception
- Restrict HTTP access to single page with .htaccess
- .htaccess - Allow access only if URL matches exactly
- How to block access to specific URL?
- Allow accessing a file only from specific URL in HTACCESS