Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Need 'deny all referrers except x' .htaccess code

  1. #1
    vectro's Avatar
    vectro is offline I Like Stuff
    Join Date
    Dec 2008
    Location
    U.S.A.
    Posts
    632
    Thanks
    192
    Thanked 104 Times in 82 Posts

    Need 'deny all referrers except x' .htaccess code

    This sounds crazy, but I need .htaccess code that will ONLY allow traffic to a particular page from a specific referrer. Any traffic to those pages from other pages should be rejected.

    Believe it or not, this is a rare case where password protection is not an option.

    Example:

    allowedomain.com = domain that is allowed to link to the page.
    examplesite.com/somepage/file.html = page that is being linked to.

    alloweddomain.com should be able to link to examplesite.com/somepage/file.html without a problem. But if any/all other sites link to it then should give a 'Forbidden' error.

    Preferably, direct requests via the browser should also be disallowed.

    Does anyone know any .htaccess code that can pull this off?

  2. #2
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,329 Times in 1,259 Posts
    Hmm... something like...
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC]
    RewriteRule .* - [F]
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  3. Thanked by:

    vectro (27 October, 2010)

  4. #3
    bhartzer is offline Net Builder
    Join Date
    Dec 2008
    Posts
    502
    Thanks
    53
    Thanked 135 Times in 101 Posts
    sounds to me like you need to only one particular referrer, not a link. So, if traffic comes from one particular referrer then it's allowed, otherwise it redirects somewhere else or gives an error message. Or, better yet, rather then serve up an error, send the traffic to somewhere else.

    What exactly are you trying to do? Perhaps an IP Deny manager might be better?
    Need links? Try AuthorLinks where you can buy or sell links based on Authorship and Klout score. Check out my blog or like me on Facebook.

  5. Thanked by:

    vectro (27 October, 2010)

  6. #4
    vectro's Avatar
    vectro is offline I Like Stuff
    Join Date
    Dec 2008
    Location
    U.S.A.
    Posts
    632
    Thanks
    192
    Thanked 104 Times in 82 Posts
    Quote Originally Posted by Will.Spencer View Post
    Hmm... something like...
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC]
    RewriteRule .* - [F]
    What about the page being linked to? I need the rule to only apply to one single page or maybe a couple of pages. The pages are like 'cart.php?a=add&pid=37'. I might need pid=22 to be visible to everyone while pid=37 should only be visible when linked to from the allowed site. Those aren't real numbers, just examples.

    Quote Originally Posted by bhartzer View Post
    sounds to me like you need to only one particular referrer, not a link. So, if traffic comes from one particular referrer then it's allowed, otherwise it redirects somewhere else or gives an error message. Or, better yet, rather then serve up an error, send the traffic to somewhere else.

    What exactly are you trying to do? Perhaps an IP Deny manager might be better?
    I don't need to block an IP. That's easy. What I need is to make sure that only one site can link to a particular page. You're correct about the redirect or error message, though. If anyone visits the 'special' page - unless they clicked a link from the allowed site - then they should not be able to view the page.

    I want to create special services that are exclusive to members of a certain site. I'm guessing that passwords and coupon codes can be distributed to unauthorized users. It would be better if they can only get to the signup page if they click a link from the member's section of my partner's site. I figure a few lines of .htaccess could do the job for now until I find a better solution.

  7. #5
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,329 Times in 1,259 Posts
    Quote Originally Posted by vectro View Post
    What about the page being linked to? I need the rule to only apply to one single page or maybe a couple of pages. The pages are like 'cart.php?a=add&pid=37'. I might need pid=22 to be visible to everyone while pid=37 should only be visible when linked to from the allowed site.
    Then you would replace .* with a regular expression defining your page.
    Code:
    RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC] 
    RewriteRule ^/page.php(.*) - [F]
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  8. Thanked by:

    vectro (27 October, 2010)

  9. #6
    vectro's Avatar
    vectro is offline I Like Stuff
    Join Date
    Dec 2008
    Location
    U.S.A.
    Posts
    632
    Thanks
    192
    Thanked 104 Times in 82 Posts
    Quote Originally Posted by Will.Spencer View Post
    Then you would replace .* with a regular expression defining your page.
    Code:
    RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC] 
    RewriteRule ^/page.php(.*) - [F]
    Code:
    RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC] 
    RewriteRule ^/cart.php(?a=add&pid=37) - [F]
    RewriteRule ^/cart.php(?a=add&pid=38) - [F]
    RewriteRule ^/cart.php(?a=add&pid=39) - [F]
    So, like that to restrict 37, 38 and 39?

  10. #7
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,329 Times in 1,259 Posts
    That looks right to me, but mod_rewrite syntax is nightmarish and I usually get it wrong the first half-dozen times.
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  11. Thanked by:

    vectro (27 October, 2010)

  12. #8
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,285
    Thanks
    175
    Thanked 306 Times in 233 Posts
    You can put .htaccess files in any directory. It doesn't have to be in the root directory. This can make it easier to get the rules correct.

    So why not have a directory containing these files only?

    In this case you can have something simple for the .htaccess file like:

    Code:
    order deny,allow
    deny from all
    allow from .membersite.com

  13. Thanked by:

    vectro (27 October, 2010)

  14. #9
    vectro's Avatar
    vectro is offline I Like Stuff
    Join Date
    Dec 2008
    Location
    U.S.A.
    Posts
    632
    Thanks
    192
    Thanked 104 Times in 82 Posts
    Quote Originally Posted by Andy101 View Post
    So why not have a directory containing these files only?
    Because it's one single PHP file which is part of a shopping cart. Not several files in a directory. The one file can load different products via variables.

    cart.php?a=add&pid=37
    cart.php?a=add&pid=38

    Those are two different products. I might need, for example, 37 to be restricted while 38 is available to the whole world.

  15. #10
    Andy101's Avatar
    Andy101 is offline Code Otaku
    Join Date
    Aug 2009
    Location
    Kanazawa
    Posts
    1,285
    Thanks
    175
    Thanked 306 Times in 233 Posts
    Quote Originally Posted by vectro View Post
    Because it's one single PHP file which is part of a shopping cart. Not several files in a directory. The one file can load different products via variables.

    cart.php?a=add&pid=37
    cart.php?a=add&pid=38

    Those are two different products. I might need, for example, 37 to be restricted while 38 is available to the whole world.
    In that case I suggest that it is best to restrict access in the PHP code.

    You detect where the visitor came from and then terminate the script with an error message such as:

    PHP Code:
    if ($_SERVER['HTTP_REFERER'] != 'allowed place') die ("Access Denied!"); 

  16. Thanked by:

    vectro (27 October, 2010)

Page 1 of 2 12 LastLast

Similar Threads

  1. .htaccess Code for Proxy Sites to Block Bad Bots
    By vectro in forum Web Proxies
    Replies: 18
    Last Post: 10 April, 2011, 21:59 PM
  2. NetBuilders Referrers
    By Will.Spencer in forum Announcements and Suggestions
    Replies: 7
    Last Post: 13 April, 2010, 10:51 AM
  3. .htaccess help
    By Sami4u in forum Building
    Replies: 3
    Last Post: 14 September, 2009, 14:47 PM
  4. Deny IP addresses using .htaccess
    By ghadeer in forum Programming
    Replies: 3
    Last Post: 24 July, 2009, 19:40 PM
  5. Replies: 2
    Last Post: 28 June, 2009, 18:02 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •