.htaccess referer problem - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

.htaccess referer problem

either no-one has access or everybody...

Krissy

3:22 pm on Feb 6, 2004 (gmt 0)

10+ Year Member

Hello,

I am a complete newbie and I start to get desperate...
I am building a website with a page containing documents for download. I want that people can only access this page (www.my-domain.com/test/download.html) when they click on a link on my website(www.my-domain.com/test). I don't want to allow direct links, i.e. I don't want that people can simply type the address in I.E. and reach the page.

I figured out the following code after searching for 2 days now:

AuthUserFile /dev/null
AuthGroupFile /dev/null
SetEnvIfNoCase referer "^http://www\.my-domain\.com/test" allowit
SetEnvIfNoCase referer "^http://my-domain\.com/test" allowit
SetEnvIf referer "^$" allowit

ErrorDocument 403 /test/error403.html

<Files ~ "download.html$">
Order deny,allow
deny from all
allow from allowit
</Files>

The problem is that I always get the 403 error, even when I click on the link on my website, although I intended to allow access through this link.
The problem is also that I am not sure whether I should use the referer with "" or without, \ or / in the code... I have found several examples that are not the same.
(is it : SetEnvIfNoCase referer "^http://www\.my-domain\.com/test" allowit or
SetEnvIfNoCase referer ^http://www\.my-domain\.com/test allowit or
SetEnvIfNoCase referer "^http://www.my-domain.com/test" allowit..?)

Do you have an idea?

Thanks a lot,

Kristina

ergophobe

5:35 pm on Feb 8, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

I don't really know anything about this, but how about:

SetEnvIfNoCase Referer ^http://www\.my-domain\.com/test.* allowit

(no quotes, regex .* to match to end of line). Or better

SetEnvIfNoCase Referer ^http://www\.my-domain\.com.* allowit
SetEnvIfNoCase Host ^http://www\.my-domain\.com allowit

to allow anything from your domain. According to the manual example, the .* should not be necessary, but why not try it? In fact the manual example omits the http:// as well.

SetEnvIf Referer www\.mydomain\.com intra_site_referral

According to the official Apache document for setenvif [httpd.apache.org] that line

sets intra_site_referral if the referring page was somewhere on the www.mydomain.com Web site.

Have you tried that?

Krissy

2:57 pm on Feb 9, 2004 (gmt 0)

10+ Year Member

Thanks ergophobe,

I tried your code but it still doesn't work:

AuthUserFile /dev/null
AuthGroupFile /dev/null
SetEnvIfNoCase Referer ^http://www\.my-domain\.com.* allowit
SetEnvIfNoCase Host ^http://my-domain\.com.* allowit
SetEnvIf referer ^$ allowit

ErrorDocument 403 /test/error403.html

<Files ~ "download.html$">
Order deny,allow
deny from all
allow from allowit
</Files>

I also tried the intra_site_referral, but it also didn't work... Any idea?

Thanks,
Kristina

ergophobe

5:55 pm on Feb 9, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

What version of Apache are you using? Are you sure that you have mod_setenvif loaded?

Krissy

9:18 am on Feb 10, 2004 (gmt 0)

10+ Year Member

I use the Strato webservice... I know that they allow to use .htaccess, but I'll ask if mod_setenvif is allowed...

ergophobe

4:56 pm on Feb 10, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

I'm steering you wrong. Strato looks pretty modern, even though they don't give the Apache version. mod_setenvif has been a core module (i.e. not a dynamic add-in) for a long time now, so I'm sure you have it. I just don't know enough about it to figure out your problem.

Sorry

Tom

Krissy

9:49 am on Feb 17, 2004 (gmt 0)

10+ Year Member

I just got the following code from Strato and it seems to work - maybe it will help someone else having the same problem...

AuthUserFile /dev/null
AuthGroupFile /dev/null
SetEnvIfNoCase Referer "^http://www.my-domain.com" local_ref=1
SetEnvIfNoCase Referer "^http://my-domain.com" local_ref=1

ErrorDocument 403 [my-domain.com...]

<Files ~ "download.html$">
Order Allow,Deny
Allow from env=local_ref
</Files>