Web Analytics Made Easy -
StatCounter .htaccess restricted to specific url referrer - CodingForum


No announcement yet.

.htaccess restricted to specific url referrer

  • Filter
  • Time
  • Show
Clear All
new posts

  • .htaccess restricted to specific url referrer


    I have been trying to get this to work for a few hours now. I've searched online and found various methods, but none have worked for me.

    Basically, I have a directory that I don't want outside access to (it will have audio download files in it). It is part of a username and password protected directory and I only want logged in users to have access.

    The directory I want protection on is:

    The referring page I want to allow access from is:

    If someone tries to access any of the files in the kit/media_files directory, I want them redirected to kit/index.php.

    Here is my latest try, which didn't work. This .htaccess file is in the kit/media_files directory. I also wondered if I should place this code into the main .htaccess file, or should it be in a specific file just for this directory? I tried both and neither work.

    RewriteEngine on
    RewriteBase /
    RewriteCond %{HTTP_REFERER} !^http://mysite\.com\.kit/index.php [NC]
    RewriteCond %{HTTP_REFERER} !^http://www\.mysite\.com\.kit/index.php [NC]
    RewriteRule ^.*$ http://mysite.com.kit/index.php [R=301,L]
    If there is a better way to restrict access to this folder to the outside public I'm open to try anything. I just want to make sure only registered users can get into these files.

  • #2
    Why are you redirecting to and comparing against .com.kit, unless this is some kind of new TLD I'm not aware (and it sounds like it's just a folder in your case), then that's definitely at least part of your problem.


    • #3
      No, I'm trying to only allow access to visitors that come from www.mysite.com/kit/index.php

      I don't understand the syntax for .htaccess code, and I'm sure that's my problem in this whole thing. I've seen many examples online that use /\ inbetween addresses and many that don't use any slashes, but I haven't been able to get either to work.

      I'm just hoping someone can show me the correct usage of the code.


      • #4
        There's nothing too magical about mod_rewrite, you just need some fundamental Regex knowledge. In your case you are simply attempting to match a URI, so you just put in the URL, the only special case is the full stops in the path. A full stop character in regex means (put basically) match anything. To stop it having that meaning and simply mean match a full stop you escape it with a backslash.


        • #5
          Okay, so I'm a step closer, but it's not handling the redirect function correctly when I come from my intended page. When I'm on the index.php page, I want to have access to the directory and link to audio files that will be in it. No matter what url I'm coming from, it's redirecting me out to the RewriteRule url (aka -not letting me in when accessed from the allowed referer like I want it to, index.php). So, something is wrong in the referer line where it's not seeing that I'm coming from that page.

          I am completely unfamiliar with coding custom .htaccess files....as you can tell...

          RewriteEngine on
          RewriteBase /
          RewriteCond %{HTTP_REFERER} !^http://mysite.com/kit/index.php [NC]
          RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/kit/index.php [NC]
          RewriteRule ^.*$ http://mysite.com/kit/ [R=301,L]
          Last edited by shaunmacie; Sep 6, 2011, 11:44 AM.


          • #6
            Have you tried a different browser? As a general rule I always test using R=302, because you browser can cache the 301 redirect, so even when you might have the right solution, you don't realise because the redirect for the original request has been cached by your browser and as such is never hitting your server.

            In theory a request for mysite.com/kit/somefile.extension should get redirected to the kit folder unless the referrer matches one of those two strings.

            In answer to your original question though, there are better ways of achieving this. A simple one is to set a cookie on their computer when they log in. Then redirect the request if it doesn't have a cookie attached to it.

            RewriteCond %{HTTP_COOKIE} !somecookie=([^;]+)
            RewriteRule .* http://mysite.com/login.php [R=302,L]


            • #7
              Restricting it with a cookie worked like a dream! I don't care how it works, as long as it does!

              Thanks for the insight!