Restricting .htaccess to a referring url

software development

#1

Anyone know how I could restrict access to a certain portion of a site to a referring url. I plan on setting up a site that has a member’s only content area where people will be directed from a URL that’s outside of my site.

Doug


#2

I think you can do this with mod_rewrite. Just be careful - it’s tricky to use properly, and can break your site (or seriously use up a lot of resources on our server) if it’s not done right.


#3

You can also do this using environment variables. Here’s code you can use in .htaccess:

SetEnvIf Referer "^http://YOURDOMAIN" local_referral SetEnvIf Referer "^http://THEIRDOMAIN" auth_referral Order Deny,Allow Deny from all Allow from env=local_referral Allow from env=auth_referral First it sets local_referral to 1 if they click on a link on one of your own pages.
Second it sets auth_referral to 1 if they click on a link on someone else web page.
Then the server will send Forbidden messages if they did not do one of the above.

When you change the YOURDOMAIN and THEIRDOMAN, put a \ in front of periods:
www.dreamhost.com = “^http://www.dreamhost.com”

If you want to match a specific URL, put a $ at the end:
"^http://discussion.dreamhost.com/wwwthreads.pl?Cat=$"

^ = beginning
$ = end
. = any character
? = previous character may not be present (ie jpe?g matches ‘jpg’ and ‘jpeg’)

If you wish to specify your own Forbidden message, add

ErrorDocument 403 http://YOURDOMAIN/forbidden.html You might want to add the following to let visitors bookmark the URLs, enter them into their address bar, or click on them from non-web sites:

SetEnvIf Referer "^$" local_referral


#4

Thanks for the help. I was able to set up the needed restriction.

Doug