Direct access of files through URL

[nrastogi]

Hello guys,

I am running into this problem and need your help to resolve the issue.

Am using Apache Web Server. On my website, I have a login that takes you into the website. So, you access those pages (after login page) after you enter username and password and get into the site. Some people have bookmarked the after login pages and can access directly by-passing the login procedure.

How could I restrict them for not using the direct link to that page. Right now, they can type

http://www.domainname.com/directory/htmlpage.html

and view that page

I would like to restrict them and not to access directly and display some error when they try to access directly and redirect them to

http://www.domainname.com

Is there any setting on Apache side I need to take care of or manipulate to achieve this.

Please let me know, any help or advice is greatly appreciated.

Thanks a lot in advance,
NRastogi

 

[siberian]

You can use mod_rewrite to handle this. This technique is traditionally used to prevent outside sites from stealing images via references and thus stealing bandwidth.

http://httpd.apache.org/docs-2.0/misc/rewriteguide.html

For a description and details scroll down to 'Blocked Inline-Images'

It looks like this :

RewriteCond !^/list|of|good|files$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^

http://www.quux-corp.de/~quux/.*$

[NC]
RewriteRule .*\.gif$ -

You want to change your referer URL of course and you want to change your rewriterule to match the content you do not want them to have direct access to.

Make sure your default entry page and your RewriteRule page are both included in that first RewriteCond so that the rule does not get executed for those.

Rewrite is really tricky, I did not test this specific example and you will really have to play with it to get it to work. But do not be discouraged, read the docs and keep at it.