
Apache Web Server Forum

    
Some .htaccess help for a newbie?
Brutus

10+ Year Member



 
Msg#: 298 posted 10:57 am on Jul 20, 2003 (gmt 0)

Hi Guys

I have reposted this from another forum after advice from a Senior Member

I am very new to .htaccess and need some help.
I am trying to deny access to a specific directory from all who are not accessing from my own site. I entered the following .htaccess file in the correct directory.
<Limit GET>
Order Deny,Allow
Deny from all
Allow from mysite.com
</Limit>

Unfortunately this denies access for everyone.
Any advice would be greatly appreciated.

Brutus

 

hakre

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 298 posted 11:09 am on Jul 20, 2003 (gmt 0)

Allow from mysite.com

this command will allow everyone access to the site, if the remote address (the address of the user) matches the ip-address of mysite.com.

maybe you want to password protect your site instead?

-hakre

Brutus

10+ Year Member



 
Msg#: 298 posted 11:29 am on Jul 20, 2003 (gmt 0)

Thanks for the reply Hakre

The .htaccess file I have uploaded to the directory contains only the script posted, nothing more.

When I try to access from my own site, or a site I wish to deny I get:

Forbidden
You don't have permission to access /xxxx/xxxxp/xxxx/xxxx.html on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

When I replace it with a blank .htaccess file everything works again.

I do not wish to password protect my site, I would however like to redirect anyone entering my site by anything other than the index.html page to be redirected to that page.

As before, I am completely new to this and am having great difficulty with the tutorials. Any help/advice is greatly appreciated.

Brutus

--------------------------------------------------------------------------------

hakre

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 298 posted 11:41 am on Jul 20, 2003 (gmt 0)

hi brutus, then you're looking for a referrer check. the limit won't help you for this, it's host based, you can check against the user's ip address in this case only.

for this mod_rewrite [httpd.apache.org] seems to be recommended, forget about the 4,5 lines you have in there, just take a look at this:


# Block foreign refferers
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://www.yoursite/.*$ [NC]
RewriteRule .*\$ - [F]

-hakre

Brutus

10+ Year Member



 
Msg#: 298 posted 12:22 pm on Jul 20, 2003 (gmt 0)

Thanks again for the reply Hakre

Looks like I am really out of my depth here!

Tried your suggestion....Internal server error

Nothing else in the file but

# Block foreign refferers
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://www.yoursite/.*$ [NC]
RewriteRule .*\$ - [F]

I have taken a look at the mod_rewrite. Surely it must be easier to become a rocket scientist!

netcommr

10+ Year Member



 
Msg#: 298 posted 12:46 pm on Jul 20, 2003 (gmt 0)

try this.

<Limit GET>
Order Allow,Deny
Allow from mysite.com
</Limit>

Allow,Deny
The Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server.

Brutus

10+ Year Member



 
Msg#: 298 posted 1:02 pm on Jul 20, 2003 (gmt 0)

Last suggestion denies everyone, just like the original I had. At least no server error this time, but I still can't access that folder from my own site.

Brutus

10+ Year Member



 
Msg#: 298 posted 4:43 pm on Jul 20, 2003 (gmt 0)

Brutus here again.

A thought occurred to me, maybe mod_rewrite is not available to me. I am checking with my ISP to find out. If it is not available is there another way to make the redirections I require?

tschild

10+ Year Member



 
Msg#: 298 posted 4:53 pm on Jul 20, 2003 (gmt 0)

A thought occurred to me, maybe mod_rewrite is not available to me.

You can exclude this reason for 500s by wrapping your mod_rewrite lines in an IfModule directive:

<IfModule mod_rewrite.c>
# lines associated with mod_rewrite go here
</IfModule>

jdMorgan

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 298 posted 5:00 pm on Jul 20, 2003 (gmt 0)


Brutus,

Posting on this forum modifies code sometimes - In this case, Hakre's code was missing some critical spaces ahead of the "!" characters. With a few other minor tweaks, try this.

# Block foreign referrers
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.yoursite/ [NC]
RewriteRule .* - [F]

Also, his point about the meaning of "allow from mysite.com" appears to have been missed; using that directive will allow only your server to access your site. You want to allow anyone to access your site as long as they are referred by pages on your site. That is a different thing, and the distinction is in the variable tested, HTTP_REFERER vs. REMOTE_ADDRESS.

If the mod_rewrite solution still doesn't work w/the changes above, let us know.

Jim

jdMorgan

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 298 posted 5:08 pm on Jul 20, 2003 (gmt 0)

Brutus,

Here's how you can test HTTP_REFERER using a modified version of your original code.

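# Flag requests referred by this site, or sent with no Referer at all
SetEnvIf Referer "^http://www\.mysite\.com" allowit
SetEnvIf Referer "^$" allowit
<Limit GET>
Order Deny,Allow
Deny from all
# env= makes Allow test the variable set above rather than a hostname
Allow from env=allowit
</Limit>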

Jim

Brutus

10+ Year Member



 
Msg#: 298 posted 5:19 pm on Jul 20, 2003 (gmt 0)

Hi Jim

Bingo, it works like a dream.

I would really like to thank all you guys who chipped in here, it's nice to know that there are still some good guys out there.

Again many, many thanks.

arielmeadow

10+ Year Member



 
Msg#: 298 posted 3:11 pm on Jul 29, 2003 (gmt 0)

I'm looking to do something similar, but something I haven't seen addressed on webmaster world:

I'm trying to use my HTACCESS file to redirect all users coming from a specific referring website. Most of the information I've found relates to preventing bandwidth theft via hotlinked images, but I'm having trouble converting that code to simply redirect users coming from the offending site to an informational page.

I'm thinking it should be something like this

<Limit GET POST>
Order Allow,Deny
Deny from [offensivesite.com...]
Allow from all
</Limit>

ErrorDocument 403 [mysite.com...]

This code doesn't seem to be working in the way I'm envisioning.

Friday

10+ Year Member



 
Msg#: 298 posted 1:20 pm on Aug 26, 2003 (gmt 0)

FWIW: This seems* to work for me on a Linux(slackware)/Apache setup:

<Limit GET>
order deny,allow
deny from 00.00.00.0
</Limit>

As does this:

<Limit GET POST>
order allow,deny
allow from all
deny from 00.00.00.0
</Limit>

(with or without whitespace after the IP)
* When I add my own IP address to the directive, all I get is a blank page. When I remove it, the page loads.

jdMorgan

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 298 posted 3:02 pm on Aug 26, 2003 (gmt 0)

Putting an IP address in a Deny from directive denies access by the machine at that IP address; it does not deny access by visitors referred by a link on a page served by the machine at that IP address.

The confusion is between the "REMOTE_ADDRESS" and "HTTP_REFERER" variables.

Deny from [httpd.apache.org] tests the "REMOTE_ADDRESS" variable by default. To test the "HTTP_REFERER" variable, you can use SetEnvIf [httpd.apache.org]:

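# Flag requests referred by the unwanted site (case-insensitive match)
SetEnvIfNoCase Referer "^http://www\.offensivesite\.com" DeniedRef
<Limit GET>
Order Allow,Deny
Allow from all
# env= makes Deny test the variable set above rather than a hostname
Deny from env=DeniedRef
</Limit>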

Jim
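
Added example (not code from the thread or from Apache): a small Python model of how SetEnvIf plus Order/Allow/Deny decide the two Referer configurations posted above, run over constructed Referer values. The function names and the `ALLOW_OWN_STRICT` pattern are assumptions introduced here, and the model covers only `all` and `env=` rules.

```python
import re

def set_env(referer, rules):
    """Model SetEnvIf/SetEnvIfNoCase on Referer: return the variables that get set."""
    return {var for pattern, var, flags in rules if re.search(pattern, referer, flags)}

def allowed(order, allow, deny, env):
    """Model Order/Allow/Deny where each rule is 'all' or the name in env=VAR."""
    def hit(rules):
        return any(r == "all" or r in env for r in rules)
    if order == "Deny,Allow":   # default allow; a matching Allow overrides Deny
        return hit(allow) or not hit(deny)
    if order == "Allow,Deny":   # default deny; a matching Deny overrides Allow
        return hit(allow) and not hit(deny)
    raise ValueError(order)

# The two configurations from the thread; Allow/Deny modelled as env=VAR tests.
ALLOW_OWN = dict(rules=[(r"^http://www\.mysite\.com", "allowit", 0),
                        (r"^$", "allowit", 0)],
                 order="Deny,Allow", allow=["allowit"], deny=["all"])
DENY_ONE = dict(rules=[(r"^http://www\.offensivesite\.com", "DeniedRef", re.I)],
                order="Allow,Deny", allow=["all"], deny=["DeniedRef"])
# Assumption: a tightened variant that accepts http or https and requires the
# hostname to end at "/" or at the end of the string.
ALLOW_OWN_STRICT = dict(ALLOW_OWN, rules=[
    (r"^https?://www\.mysite\.com(/|$)", "allowit", 0), (r"^$", "allowit", 0)])

def decide(cfg, referer):
    """Return True if a request carrying this Referer would be served."""
    env = set_env(referer, cfg["rules"])
    return allowed(cfg["order"], cfg["allow"], cfg["deny"], env)

# Constructed Referer values (not taken from any real log).
SAMPLES = [
    "http://www.mysite.com/page.html",       # own page
    "",                                      # no Referer sent
    "http://other.example/links.html",       # foreign page
    "https://www.mysite.com/page.html",      # own page over HTTPS
    "http://www.mysite.com.other.example/",  # longer host with the same prefix
    "http://WWW.OffensiveSite.com/x",        # mixed-case blocked referrer
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref!r:42} own={decide(ALLOW_OWN, ref)!s:5} "
              f"strict={decide(ALLOW_OWN_STRICT, ref)!s:5} deny_one={decide(DENY_ONE, ref)}")
```

With the thread's allow pattern, the site's own pages are refused when served over HTTPS, and a Referer whose hostname merely begins with www.mysite.com is accepted; the tightened pattern fixes both. The empty-Referer rule serves every request that sends no Referer, in either variant.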

Friday

10+ Year Member



 
Msg#: 298 posted 3:22 pm on Aug 26, 2003 (gmt 0)

Thanks jdmorgan.
That's good to know.
Gonna' save it to my "Misc." directory.
;)

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved