Best method for allowing/denying access to site

Postby caddmngr » Thu Feb 10, 2005 6:45 am

I have a site that wants to close up to the public, and only allow access to people who come from its parent site (a different domain).

In other words... If you are at domain_one.com and click a link to domain_two.com, you will be allowed access - everyone else, coming from typing domain_two.com or from a bookmark, would be directed to a page telling them why they can't get access to the site.

JavaScript seems unreliable, and I couldn't get it to work anyhow. mod_rewrite seems like the best way... so I'm looking for a little advice please!

Also, one note - the domain_one.com site runs on https - hope this doesn't pose a problem (I think I read it does make it tougher as referrals aren't passed when from an SSL site?)

thanks everyone!
Chris
caddmngr
 

ssl work around

Postby caddmngr » Thu Feb 10, 2005 8:09 am

I just figured out why my redirects aren't working no matter how I try to do it...

HTTP_REFERER is NOT available when coming from an SSL server!!

Is there a way around this, using anything (Perl, JScript, PHP, etc.)?

thanks
chris
caddmngr
 

Postby Caterham » Thu Feb 10, 2005 11:38 am

If HTTP_REFERER is not available, you cannot check where the user comes from....
You can generate a timestamp in the URL the user clicks on domain_one.com to go to domain_two.com, and check on domain_two.com how old the timestamp is. If someone bookmarks this link, it might be valid for 15 min.
If the difference between the timestamp in the URL and the actual timestamp at script execution is > 15 min, redirect the user to another site...
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm

Postby Guest » Tue Jun 14, 2005 1:50 pm

This is exactly how I did mine. Passed a timestamp, and an MD5 of a secret key+timestamp+username. Works a treat.
Guest
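
The timestamp-plus-keyed-hash link described in the two posts above, as an added example that is not part of any post in the thread. It swaps HMAC-SHA256 in for the MD5 of secret key+timestamp+username that the Guest mentions; the names `SECRET`, `make_link`, `check_link` and the query parameters `ts`, `user`, `sig` are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: shared by both sites, never sent in a URL
MAX_AGE = 15 * 60                 # the 15-minute window suggested in the thread
MAX_SKEW = 60                     # assumption: tolerated clock difference between servers


def _mac(ts: str, user: str) -> bytes:
    # Length-prefix the username so "ts + user" cannot be re-split into other fields.
    msg = f"{ts}|{len(user)}|{user}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest().encode()


def make_link(user, now=None):
    """Runs on domain_one.com: build the outbound link with ts, user and MAC."""
    ts = str(int(time.time() if now is None else now))
    query = urlencode({"ts": ts, "user": user, "sig": _mac(ts, user).decode()})
    return f"https://domain_two.com/?{query}"


def check_link(url, now=None):
    """Runs on domain_two.com: return (allowed, reason) for an incoming URL."""
    params = parse_qs(urlsplit(url).query)
    try:
        ts, user, sig = params["ts"][0], params["user"][0], params["sig"][0]
        issued = int(ts)
    except (KeyError, ValueError):
        return False, "malformed"
    # Verify the MAC first, in constant time, before trusting the timestamp.
    if not hmac.compare_digest(sig.encode(), _mac(ts, user)):
        return False, "bad signature"
    age = (time.time() if now is None else now) - issued
    if age > MAX_AGE:
        return False, "expired"
    if age < -MAX_SKEW:
        return False, "timestamp in future"
    return True, "ok"


if __name__ == "__main__":
    link = make_link("chris")  # constructed sample username
    print(link, check_link(link))
```

A link that passes these checks can still be copied and reused by anyone until the 15 minutes run out, which is the bookmark case Caterham describes.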
 

