httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: [users@httpd] .htaccess
Date Sat, 16 Sep 2017 17:46:38 GMT
Hi Rondon,

On Fri, Sep 15, 2017 at 12:27 AM, Rondon <djrondon@gmail.com> wrote:
> Hi Folks,
>
> Sorry to bother you.
> My website is using apache at Dreamhost.
>
> I'm authenticating using a require valid-user at .htaccess
> But I need to add more directives to authenticate the access by Referer.
>
> If the user comes from a specific referer, the user doesn't have to receive
> the authentication box and bypass the authentication.

First I must say that it's IMHO not a wise thing to do!
Keep in mind that the Referer can be forged at wish one by any user,
fooling your authorizations...

>
> Is that possible?

If you really want to though, possibly something like:

>
> My .htaccess file is:
>
> AuthName "My Security Area"
> AuthType Basic
> AuthUserFile  /myusersfilepath/

SetEnvIf Referer ^https?://my.referer.host/and/path let_me_in
Require env let_me_in
> require valid-user

in that order.


Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message