httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myles Wakeham" <>
Subject RE: [users@httpd] Looking for suggestions for URL redirection
Date Fri, 18 Jan 2008 22:48:53 GMT
Thank you for this suggestion.  I think I can see a way of doing it with

Much appreciated.


-----Original Message-----
From: Michael McGlothlin [] 
Sent: Friday, January 18, 2008 3:37 PM
Subject: Re: [users@httpd] Looking for suggestions for URL redirection

I'd suggest using RewriteCond's in Apache to check the request headers 
for the right behavior and to deny if not right.
> Hi there, I hope that someone might have an idea or suggestion to help 
> me here.
> I have a web application running on Linux in Apache 2, php5. The 
> application manages a media database that is accessed by subscription. 
> The content is served off separate Apache servers - some are located 
> in different geographic regions. All users access the content by 
> common URL, such as
> I use .htaccess with mod_rewrite to modify the incoming URL to a PHP 
> script such as 
> <>
> This works great and the PHP script is called, logs the request, 
> checks the user's subscription rights, and if ok redirects them to the 
> actual file to obtain by way of a Header() command (ie. Modifies the 
> HTTP header to do a Location: .. To where the file actually resides).
> Although this works perfectly, the problem is that the user's browser 
> will change to reflect the endpoint URL where the file actually 
> resides. Users then simply have been cutting & pasting this URL into 
> their own websites and providing unaudited access to the raw file 
> directly and bypassing our script.
> I need to find a way to do this without displaying the endpoint URL to 
> the user in anyway. But it has to be able to be done through a PHP 
> script. Clearly Header() in PHP isn't cutting it. I also have to use 
> Apache at each endpoint web server location.
> I'm wondering if anyone has a suggestion on how best to do this? Can I 
> install something in .htaccess on the endpoint server end to reject 
> incoming requests that are not via authenticated redirects? Can I use 
> the HTTP_REFERRER in some way to ensure that what has come to this 
> server came by way of a legitimate referral?
> All ideas are greatly appreciated.
> Thanks
> Myles

Michael McGlothlin
Southwest Plumbing Supply

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message