httpd-users mailing list archives

From Rondon <djron...@gmail.com>
Subject Re: [users@httpd] .htaccess
Date Mon, 18 Sep 2017 19:53:52 GMT
Hi Yann,

But I need to have both working..
By Referer bypass the user authentication
if Referer is different it needs the user authentication.

Cheers,

Rondon

---------------------------------------------------------------------------------------------
Your life is shaped by your mind and you become what you think.
Dhampada - Twin Verses.

2017-09-16 14:46 GMT-03:00 Yann Ylavic <ylavic.dev@gmail.com>:

> Hi Rondon,
>
> On Fri, Sep 15, 2017 at 12:27 AM, Rondon <djrondon@gmail.com> wrote:
> > Hi Folks,
> >
> > Sorry to bother you.
> > My website is using apache at Dreamhost.
> >
> > I'm authenticating using a require valid-user at .htaccess
> > But I need to add more directives to authenticate the access by Referer.
> >
> > If the user comes from a specific referer, the user doesn't have to receive
> > the authentication box and bypass the authentication.
>
> First I must say that it's IMHO not a wise thing to do!
> Keep in mind that the Referer can be forged at will by any user,
> fooling your authorizations...
>
> >
> > Is that possible?
>
> If you really want to though, possibly something like:
>
> >
> > My .htaccess file is:
> >
> > AuthName "My Security Area"
> > AuthType Basic
> > AuthUserFile  /myusersfilepath/
>
> SetEnvIf Referer ^https?://my.referer.host/and/path let_me_in
> Require env let_me_in
> > require valid-user
>
> in that order.
>
>
> Regards,
> Yann.
>

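An added example, not part of the original message: a small Python model of how the quoted `SetEnvIf` / `Require env` / `require valid-user` lines decide a request, assuming httpd 2.4, where sibling `Require` lines outside a container are combined as `RequireAny`. The `TIGHTER` pattern, the function names and the sample Referer values are constructed for illustration.

```python
import re

# Pattern exactly as posted in the thread (dots unescaped, no end anchor).
POSTED = r"^https?://my.referer.host/and/path"
# Assumption: a tighter variant written for this example, not from the thread.
TIGHTER = r"^https?://my\.referer\.host/and/path(?:[/?#]|$)"


def decide(pattern, referer=None, valid_user=False):
    """Model the authorization outcome for one request.

    SetEnvIf does an unanchored regex search on the header and sets
    let_me_in on a match. Either Require line is then sufficient.
    """
    let_me_in = referer is not None and re.search(pattern, referer) is not None
    if let_me_in:
        return "allow (Require env let_me_in)"
    if valid_user:
        return "allow (Require valid-user)"
    return "401 challenge"


# Constructed sample requests: (label, Referer header value, has valid login).
SAMPLES = [
    ("no referer, no login", None, False),
    ("no referer, valid login", None, True),
    ("expected referer", "https://my.referer.host/and/path", False),
    ("longer path", "https://my.referer.host/and/pathological", False),
    ("dot matches any char", "https://myXreferer-host/and/path", False),
    ("other site", "https://elsewhere.example/and/path", False),
]


def audit(pattern):
    """Return the outcome for every sample request under one pattern."""
    return {label: decide(pattern, ref, user) for label, ref, user in SAMPLES}


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("tighter", TIGHTER)):
        print(name)
        for label, outcome in audit(pattern).items():
            print(f"  {label:24} -> {outcome}")
```

Both behaviours asked for in the reply are already present: a matching Referer skips the login box and anything else gets the Basic auth challenge. The tighter pattern only narrows which strings match; the header value is still supplied by the client, which is the caveat raised in the quoted reply.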