httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lopez <>
Subject Re: security/redirection
Date Mon, 21 Jan 2002 17:30:52 GMT


You can rely on the REferer: header, but that is not secure as the client is
the one that provides it. You can try setting up a reverse proxy, forcing
all requests to pass thru before reaching
Check for a
general introduction to reverse proxies
Check the mod_rewrite documentation for some examples on how to do that for
what you suggest.


On Mon, Jan 21, 2002 at 08:25:02AM -0500, Markley, Aaron wrote:
> Hello all,
> I have a working authorization scheme for my website, let's call it
>, which first asks for username and
> password (using the various "Auth" directives in the virtual host
> definition), and then if valid will redirect to the site on our local
> intranet that I want secured, http://999.9.9.999.  This whole scheme works
> until someone types in the IP address directly; then there isn't any
> authentication at all.  Is there a way to completely block access to
> 999.9.9.999 except from the redirection site?
> Thanks,
> Aaron

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message