httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: [users@httpd] .htaccess
Date Sat, 16 Sep 2017 17:46:38 GMT
Hi Rondon,

On Fri, Sep 15, 2017 at 12:27 AM, Rondon <> wrote:
> Hi Folks,
> Sorry to bother you.
> My website is using apache at Dreamhost.
> I'm authenticating using a require valid-user at .htaccess
> But I need to add more directives to authenticate the access by Referer.
> If the user comes from a specific referer, the user doesn't have to receive
> the authentication box and bypass the authentication.

First I must say that it's IMHO not a wise thing to do!
Keep in mind that the Referer can be forged at wish one by any user,
fooling your authorizations...

> Is that possible?

If you really want to though, possibly something like:

> My .htaccess file is:
> AuthName "My Security Area"
> AuthType Basic
> AuthUserFile  /myusersfilepath/

SetEnvIf Referer ^https?:// let_me_in
Require env let_me_in
> require valid-user

in that order.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message