Hi Rondon,
On Fri, Sep 15, 2017 at 12:27 AM, Rondon <djrondon@xxxxxxxxx> wrote:
> Hi Folks,
>
> Sorry to bother you.
> My website is using apache at Dreamhost.
>
> I'm authenticating using a require valid-user at .htaccess
> But I need to add more directives to authenticate the access by Referer.
>
> If the user comes from a specific referer, the user doesn't have to receive
> the authentication box and bypass the authentication.
First I must say that it's IMHO not a wise thing to do!
Keep in mind that the Referer can be forged at wish one by any user,
fooling your authorizations...
>
> Is that possible?
If you really want to though, possibly something like:
>
> My .htaccess file is:
>
> AuthName "My Security Area"
> AuthType Basic
> AuthUserFile /myusersfilepath/
SetEnvIf Referer ^https?://my.referer.host/and/path let_me_in
Require env let_me_in
> require valid-user
in that order.
Regards,
Yann.
------------------------------------------------------------ ---------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|