On 03.06.2014 21:05, Brad Harris wrote:
Design error, because the Referer is fakeable and makes the logon page not necessary ...

I've been trying to configure a website to send a 403 forbidden error unless the user comes from a specific website/domain, which is a logon page hosted on another server.

RewriteEngine On
# this is the domain hosting the login page
RewriteCond %{HTTP_REFERER} !logon_domain.com [NC]
# this is the domain hosting the WordPress site
RewriteCond %{HTTP_REFERER} !wordpress_site.com [NC]
RewriteRule .* - [F]
ErrorDocument 403 http://logon_domain.com/Login.aspx

The last line of my rewrite error log:
forcing responsecode 403 for /var/www/html/...

the match strings are wrong, should be !^http://....$

Walter
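
Added example, not part of the original thread: a small Python model of the two negated RewriteCond lines, run over constructed Referer values, to show what the posted patterns accept compared with anchored ones. The anchored patterns are an assumed concrete form of the "!^http://....$" suggestion, and the sample Referer values are made up for illustration.

```python
import re

# Patterns exactly as posted in the thread (unanchored, "." left unescaped).
POSTED = [r"logon_domain.com", r"wordpress_site.com"]
# Anchored variants in the spirit of "!^http://....$" (exact form is assumed).
ANCHORED = [
    r"^https?://logon_domain\.com(/.*)?$",
    r"^https?://wordpress_site\.com(/.*)?$",
]

def forbidden(referer, patterns):
    """Model of: RewriteCond %{HTTP_REFERER} !pat [NC] (ANDed), RewriteRule .* - [F].

    A negated condition is true when the regex matches nowhere in the header.
    The rule answers 403 only when every condition is true.
    """
    return all(re.search(p, referer, re.IGNORECASE) is None for p in patterns)

# Constructed Referer header values (not taken from the thread).
SAMPLES = [
    "http://logon_domain.com/Login.aspx",               # intended source
    "HTTP://WordPress_Site.com/wp-admin/",              # intended source, mixed case
    "http://unrelated.example/?from=logon_domain.com",  # name appears in query only
    "http://logon_domainXcom.example/",                 # "." matches any character
    "",                                                 # no Referer sent
]

def evaluate():
    """Return {referer: (403 with posted patterns, 403 with anchored patterns)}."""
    return {r: (forbidden(r, POSTED), forbidden(r, ANCHORED)) for r in SAMPLES}

if __name__ == "__main__":
    for ref, (posted, anchored) in evaluate().items():
        print(f"{ref!r:55} posted_403={posted!s:5} anchored_403={anchored}")
    # Anchoring only tightens the string match. The header is still supplied
    # by the client, so it cannot stand in for the logon step itself.
```
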