Hi Rondon, On Fri, Sep 15, 2017 at 12:27 AM, Rondon <djrondon@xxxxxxxxx> wrote: > Hi Folks, > > Sorry to bother you. > My website is using apache at Dreamhost. > > I'm authenticating using a require valid-user at .htaccess > But I need to add more directives to authenticate the access by Referer. > > If the user comes from a specific referer, the user doesn't have to receive > the authentication box and bypass the authentication. First I must say that it's IMHO not a wise thing to do! Keep in mind that the Referer can be forged at wish one by any user, fooling your authorizations... > > Is that possible? If you really want to though, possibly something like: > > My .htaccess file is: > > AuthName "My Security Area" > AuthType Basic > AuthUserFile /myusersfilepath/ SetEnvIf Referer ^https?://my.referer.host/and/path let_me_in Require env let_me_in > require valid-user in that order. Regards, Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|