You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Gil Shai <Gi...@GoNetworks.com> on 2005/03/20 08:23:07 UTC
[users@httpd] Access of a page in Apache
Hi,
I have installed Apache2 (2.0.52) on linux. I have a following problem:
There are a set of pages that I want them to be accessed by users the
following way:
1) If a user tries to access these pages directly, they would be
forbidden.
1) If the Apache2 redirects (using RedirectMatch directive) the user to
these pages, they would NOT be forbidden.
How can I do this rather simply?
Thanks,
Gil Shai
Re: [users@httpd] Access of a page in Apache
Posted by Noah <si...@onastick.net>.
On Sun, Mar 20, 2005 at 09:23:07AM +0200, Gil Shai wrote:
> 1) If a user tries to access these pages directly, they would be
> forbidden.
> 1) If the Apache2 redirects (using RedirectMatch directive) the user to
> these pages, they would NOT be forbidden.
>
> How can I do this rather simply?
"Simple"
"Reliable"
"Pick one" =)
I have no doubt that there are numerous examples of this in the archives
(or that can be found with google); Possible search terms:
http_referer rewritecond rewriterule block
The downside to this is that HTTP_REFERER blocking is not 100%
effective, since you're basically implementing access controls based
soley on information supplied by the user. It'll stop most of the
requests for the protected pages, but won't stop a determined person.
What's your filesystem layout look like, what are you redirecting
to/from, and what is the actual goal here?
--
<huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
<huey> ^^^ Making Flippy Floppy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access of a page in Apache
Posted by Joshua Slive <js...@gmail.com>.
On Sun, 20 Mar 2005 09:23:07 +0200, Gil Shai <Gi...@gonetworks.com> wrote:
> There are a set of pages that I want them to be accessed by users the
> following way:
>
> 1) If a user tries to access these pages directly, they would be forbidden.
>
> 1) If the Apache2 redirects (using RedirectMatch directive) the user to
> these pages, they would NOT be forbidden.
>
> How can I do this rather simply?
I don't believe there is any simple solution to this. In general, the
server sees each request as independent and hence can't make
distinctions like you want. If I remember correctly, "Referer" does
not get reset on redirects, and therefore won't be any help (and it
wouldn't be a secure solution in any case).
I believe the standard way of handling this problem is to use cookies.
You could probably hack-up something with mod_rewrite (not
RedirectMatch) to do this. Again, this wouldn't be "secure" because
you would have to use a fixed cookie. If you are interested in this,
I could probably provide an example.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org