[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: .htaccess authorization on referer



Oh, I thought you were using apache, not NCSA's httpd. :)

I'm pretty sure you can only use order, allow, and deny from the
mod_access module, as well as "satisfy" and "require".  The syntax
of the allow command (as well as deny+order) is described on the
page at
	http://httpd.apache.org/docs/mod/mod_access.html
and the setenvif stuff is at
	http://httpd.apache.org/docs/mod/mod_setenvif.html

I hope that helps some.  I found your specific answer by searching
for ".htaccess referer limit" on google, IIRC, but it could be drawn
from just the mod_access page...

--Danny

On Mon, Dec 17, 2001 at 02:59:41PM -0600, charles@lunarmedia.net wrote:
> 
> that syntax is certainly a throw back from what i am used to seeing. i 
> took my queue from:
> 
>   http://hoohoo.ncsa.uiuc.edu/docs/setup/srm/AccessFileName.html
> 
> where did you see this syntax? i'd like to look at those docs.
> 
> thanks! -c
> 
> On Mon, 17 Dec 2001, Danny Sauer wrote:
> 
> > On Mon, Dec 17, 2001 at 02:18:19PM -0600, charles@lunarmedia.net wrote:
> > > i'm working on getting a .htaccess file to authenticate based on a referer 
> > > url. i have:
> > > 
> > > <Limit GET>                                                                
> > >   order deny,allow
> > >   deny from all
> > >     referer allow from http://yourdomain.com/*
> > >     OnDeny http://yourdomain.com/warningpage.htm
> > > </Limit> 
> > > 
> > > i'm getting the following error when i try using this syntax for auth:
> > > 
> > >   Invalid command 'referer', perhaps mis-spelled or defined by a module 
> > >   not included in the server configuration
> > > 
> > > is my syntax incorrect? or does it rely on a module? and if so does anyone 
> > > know which so i can verify its in my config?
> > 
> > I'm pretty sure that's incorrect syntax...  What you probably want is more
> > like this, assuming you have the mod_setenvif module set up (it's a base
> > module):
> > 
> > SetEnvIfNoCase Referer "^http://yourdomain\.com/" good_referer=1
> > order allow,deny
> > allow from env=good_referer
> > OnDeny http://yourdomain.com/warningpage.htm
> > 
> > In a .htaccess, you really don't need the <Limit> container, BTW, unless you
> > want GET/POST/HEAD/etc treated differently - which you usually don't (but
> > might, I guess, if you use a POST login page that redirects to a GET page
> > later).  If you do use a limit, leave the setenvif outside of the container.
> > 
> > --Danny
> > 
> > -
> > To unsubscribe, send email to majordomo@luci.org with
> > "unsubscribe luci-discuss" in the body.
> > 
> 
> 
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.