Hi Noah and Joshua, I have actually written a Captive Portal which is comprised of a couple of pages, including a Login page Logout page and some more. Basically, when the user tries to access some Web page he is redirected to the Login page and after he writes the correct password, to some other pages. The thing is that I want him to get to these pages only when he is redirected. I don't want him to access the pages by himself. The pages don't contain confidential information - its just better that he doesn't see them, so I prefer "Simple". "100% secure" is less important. Thanks, Gil -----Original Message----- From: Noah [mailto:sitz@xxxxxxxxxxxx] Sent: Sunday, March 20, 2005 4:34 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Access of a page in Apache On Sun, Mar 20, 2005 at 09:23:07AM +0200, Gil Shai wrote: > 1) If a user tries to access these pages directly, they would be > forbidden. > 1) If the Apache2 redirects (using RedirectMatch directive) the user > to these pages, they would NOT be forbidden. > > How can I do this rather simply? "Simple" "Reliable" "Pick one" =) I have no doubt that there are numerous examples of this in the archives (or that can be found with google); Possible search terms: http_referer rewritecond rewriterule block The downside to this is that HTTP_REFERER blocking is not 100% effective, since you're basically implementing access controls based soley on information supplied by the user. It'll stop most of the requests for the protected pages, but won't stop a determined person. What's your filesystem layout look like, what are you redirecting to/from, and what is the actual goal here? -- <huey> dd of=/dev/fd0 if=/dev/flippy bs=1024 <huey> ^^^ Making Flippy Floppy --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|