Forum Moderators: phranque
Itīs my first post and Iīm going to the problem:
1. I have this code on my htaccess:
ErrorDocument 404 /404.htmlAuthUserFile /dev/null
AuthGroupFile /dev/null
SetEnvIfNoCase Referer "^http://www.domain.net" local_ref=1
SetEnvIfNoCase Referer "^http://domain.net" local_ref=1ErrorDocument 403 [domain.net...]
<Files ~ "\.htm$">
Order allow,Deny
allow from env=local_ref
allow from allowit
</Files>
2. Itīs working and blocking access to my htm files
3. the problem is when I try to access a htm file by javascript link, it send me to ErrorDocument, and it shouldnīt as the link is called from my domain.net site root.
4. I discovered that firewalls and some security software may blank referres and when I tried the document.write javascript it really returned blank.
5. How can I write a htaccess command to allow blank referrers to open htm files on my site?
6. Is it really the problem? Or thereīre other possible things I should know?
Moreover, I tried using SetEnvIfNoCase Referer "^$" or SetEnvIfNoCase Referer "^" or SetEnvIfNoCase Referer "$" and nothing worked.
Also tried at least six types of javascript functions and nothing worked.
Any tip?
Thanks friends!
SetEnvIf Referer "^$" local_ref
Jim
[edited by: jdMorgan at 12:42 am (utc) on Feb. 5, 2008]
Thanks, it worked, BUT, now the htm pages can be opened normaly, itīs not redirecting the access to htm pages! sad... I tried changing the javascript again but didnīt worket at all.
Is there anyway to create a conditio to read the title and access only when title is = "text"? Because at this point it seems the only solution by now.
ErrorDocument 404 /404.html
ErrorDocument 403 /index.html
#
AuthUserFile /dev/null
AuthGroupFile /dev/null
SetEnvIfNoCase Referer "^http://www.domain.net" local_ref=1
SetEnvIfNoCase Referer "^http://domain.net" local_ref=1
#
<Files ~ "\.htm$">
Order Deny,Allow
Allow from env=local_ref
Allow from allowit
</Files>
I believe you would be happier using a cookies-based access control solution, rather than Referrer-based access control. Your site won't be included by search engines, it won't be possible for people to type in your URL, and the 403-Forbidden response will (as you coded it) return your home page without nay explanation, thereby confusing your visitors.
Also, some terminology: There are no redirects at all in this code. An error response is not a redirect.
Jim
I agree itīs not a redirect, but I need users to come from index.html before they access other sections on my site, besides all my webdesign will go away.
Anyway, if you have a better solution, please let me know, at this point I tried cgi, javascript but nothing worked 100%.
Thanks in advance.
-->
Iīm thinking, my problem is the htm file accessed by javascript link, itīs just one page... hat about creating a redirect for empty referrer only... so it would work only on that page! ... is it possible? I mean... redirect empty referrer to the same page as the javascript link is pointing?
Jim
That is bad on so many levels.
ErrorDocument directives must not include a domain name, just the local file path.
Serving the root index file in response to an error is highly NOT recommended.
Craft a custom error page instead.
Finally, when referring to the root of a site in a link, don't mention the index file filename itself.
