httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wade Evans <wade.p.ev...@gmail.com>
Subject Re: [users@httpd] Directory access control by referer and password auth
Date Tue, 25 Dec 2012 02:28:38 GMT
Are you certain that this will suit your security needs?  HTTP_REFERRER is
easy to spoof...




On Mon, Dec 24, 2012 at 5:10 PM, Andrey Utkin <
andrey.krieger.utkin@gmail.com> wrote:

> I need to control access to particular directory with following logics:
> if HTTP_REFERER is certain site (but not the same as in requested
> document URL), then grant access;
> else, authorize by password (i.e. pass basic authentication)
> Reading apache 2.4 docs i found there's new directive "If", which seem
> to make my task simpler. But now i have httpd 2.2 installed. It is
> possible to upgrade, but i'd be grateful for description of both cases
> - using latest version features, and way suitable for 2.2.
> Thanks for any help.
>
> --
> Andrey Utkin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message