Forum Moderators: phranque
Sorry for asking so easy things (I hope that easy :) but I am completely lost and can't find in the net something according to my problem...
Lets sat that i want to allow access to folder on my site to two groups of people:
- first - people from .de after clicking link on [site_4de.com...]
- second - people from .nl after clicking link on [site_4nl.com...]
- main problem - I can't use mod_rewrite
- second problem - I don't want to allow access to people from .de through [site_4nl.com...]
I tried to say in .htaccess something like
SetEnvIfNoCase Remote_Host "\.de$" ALLOWHOST=de
SetEnvIfNoCase Remote_Host "\.nl$" ALLOWHOST=nl
SetEnvIfNoCase Referer site_4de\.com ALLOWLINK=de
SetEnvIfNoCase Referer site_4nl\.com ALLOWLINK=nlSetEnvIf ALLOWHOST ALLOWLINK WELCOME
Order Deny,Allow
Deny from all
Allow from env=WELCOME
But SetEnvIf in Apache does not seems to accept environment variables as second argument.. It wants string "regex", so nothing in my construction works... I tried to find out how to emulate "AND" or "IF" conditions in .htacces, but with no luck.. Documentation and Google say nothing for me too...
So I am asking just to be sure :) It is impossible without mod_rewrite or I missed something?
Welcome to WebmasterWorld [webmasterworld.com]!
The combination of ANDed unanchored (inexact) patterns and the restrictions of SetEnvIf makes it impossible (or very difficult) to solve this problem using mod_setenvif and mod_access. I thought about it for awhile, and could think of no good solution. Even though I'm quite tired, I'm fairly sure there isn't any elegant way to do it with mod_setenvif and mod_access.
A mod_rewrite solution would be something like this:
RewriteCond %{HTTP_REFERER} ^http://(www\.)?site_4de\.com
RewriteCond %{REMOTE_HOST} \.de$
RewriteRule .* - [E=Welcome:Yes]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?site_4nl\.com
RewriteCond %{REMOTE_HOST} \.nl$
RewriteRule .* - [E=Welcome:Yes]
#
RewriteCond %{Welcome} !^Yes$
RewriteRule .* - [F]
I should point out that using {REMOTE_HOST} requires a reverse-DNS lookup, and is horribly inefficient. For each HTTP request your server receives, it will have to send a query to a DNS server and wait for the response. Don't use this method if you get a million requests per day! If (and only if) your visitor base is predictable and very small, you might be able to use IP address ranges instead of remote hostnames. If your site is busy and you absolutely must use remote host lookups, then consider installing something like squid that can do DNS caching.
Also, there may be problems if your visitors' IP addresses do not resolve to .nl or .de domains, even though they are actually in Germany or The Netherlands.
If possible, you might consider restricting only "page" files, such as .html, .php, etc., and leaving images, scripts, and CSS files unrestricted. For example, change the ".*" in all of the RewriteRules to "\.html$" or "\.(html¦php)$". A further improvement could be had by only restricting files in a few of your directories, and not in all.
This would limit the number of times that the code above is activated, and help to avoid the DNS-related performance problems. You'll have to decide if any of these proposed modifications are useable, depending on your situation.
Jim
