[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: .htaccess authorization on referer
that syntax is certainly a throw back from what i am used to seeing. i
took my queue from:
http://hoohoo.ncsa.uiuc.edu/docs/setup/srm/AccessFileName.html
where did you see this syntax? i'd like to look at those docs.
thanks! -c
On Mon, 17 Dec 2001, Danny Sauer wrote:
> On Mon, Dec 17, 2001 at 02:18:19PM -0600, charles@lunarmedia.net wrote:
> > i'm working on getting a .htaccess file to authenticate based on a referer
> > url. i have:
> >
> > <Limit GET>
> > order deny,allow
> > deny from all
> > referer allow from http://yourdomain.com/*
> > OnDeny http://yourdomain.com/warningpage.htm
> > </Limit>
> >
> > i'm getting the following error when i try using this syntax for auth:
> >
> > Invalid command 'referer', perhaps mis-spelled or defined by a module
> > not included in the server configuration
> >
> > is my syntax incorrect? or does it rely on a module? and if so does anyone
> > know which so i can verify its in my config?
>
> I'm pretty sure that's incorrect syntax... What you probably want is more
> like this, assuming you have the mod_setenvif module set up (it's a base
> module):
>
> SetEnvIfNoCase Referer "^http://yourdomain\.com/" good_referer=1
> order allow,deny
> allow from env=good_referer
> OnDeny http://yourdomain.com/warningpage.htm
>
> In a .htaccess, you really don't need the <Limit> container, BTW, unless you
> want GET/POST/HEAD/etc treated differently - which you usually don't (but
> might, I guess, if you use a POST login page that redirects to a GET page
> later). If you do use a limit, leave the setenvif outside of the container.
>
> --Danny
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
>
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.