Best method for allowing/denying access to site

Fix it!!

Best method for allowing/denying access to site

Postby caddmngr » Thu Feb 10, 2005 6:45 am

I have a site that wants to close up to the public, and only allow access to people who come from its parent site (a different domain).

In other words... If you are at and click a link to, you will be allowed access - everyone else, coming from typing or from a bookmark, would be directed to a page telling them why they cant get access to the site.

javascript seems unreliable, and I couldnt get it to work anyhow. mod_rewrite seems like the best way... so I'm looking for a little advice please!

also, one note - the site runs on https - hope this doesnt pose a problem (I think I read it does make it tougher as referals arent passed when from a ssl site?)

thanks everyone!

ssl work around

Postby caddmngr » Thu Feb 10, 2005 8:09 am

I just figured out why my redirects arent working no matter how I try to do it...

HTTP_REFERER is NOT available when coming from a SSL server!!

Is there a way around this? using anything (perl, jscript, php, etc)


Postby Caterham » Thu Feb 10, 2005 11:38 am

If HTTP_REFERER is not available, you cannot check where the user comes from....
you can genetare some timestamp in the url the user clicks on to go to and check on how old the timestamp is. If someone ookmarks this link, it might be vaild for 15min.
if the difference between the timestamp in the URL and the actual timestamp at script execution is > 15min, redirect the user to another site...
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm

Postby Guest » Tue Jun 14, 2005 1:50 pm

this is exactly how i did mine. passed a timestamp, and md5 of a secret key+timestamp+username. works a treat.

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 2 guests