Forum Moderators: phranque
I can allow access from an IP address and also an individidual who hase signed up and his/her username and password are contained within the .htpasswd file.
What I do need to do now is to allow access without the basic prompt where the user comes from a specific web page and how will it fit in with the existing file.
I have looked on this board but all the examples I have seen apply to banning addresses where I need them to come in without being prompted for the username and password.
Order Deny,Allow
Deny from All
Allow from ***.***.***.***
Allow from ***.***.***.***
Allow from ***.***.***.***
AuthName "Members Access"
AuthType Basic
AuthUserFile /path/to/.htpasswd/file
require valid-user
Satisfy Any
Many thanks
Welcome to WebmasterWorld!
> ...comes from a specific page...
This involves either setting up and testing a cookie, which is reliable for users with cookies enabled, or testing the HTTP_REFERER header sent by the browser, which is notoriously unreliable (many users will appear not to send the HTTP_REFERER header because it is blocked by their corporate network, by their security software such as Norton Internet Security, or by their ISP -- for example, almost all AOL users).
If you use the HTTP_REFERER method, you will have to decide how to handle blank referrers.
The key to letting mod_access test HTTP_REFERER (and possibly HTTP_COOKIE) is to use mod_setenvif to set a variable to be passed to mod_access. So, for example:
SetEnvIf Referer "^good_page\.html$" Allow_access
#
Order Deny,Allow
Deny from All
...
Allow from Allow_access
Note that in order for this to work, mod_setenvif must *follow* mod_access in the Loadmodule list in httpd.conf -- modules are executed in the *reverse* order that they are loaded.
I have not used mod_setenvif to test HTTP_COOKIE, so I'm not sure if it will work.
Jim
Colin
