
.htaccess syntax question

Status
Not open for further replies.

Newposter

Technical User
May 9, 2002
735
US
How about building the username and password into the hyperlink on the referring site? I forget the exact syntax, but it's essentially the URL followed by a colon and the username and password. Wullie or another expert here can probably provide the proper syntax.

Only problem is, unless you hide the hyperlink in the mouseover on the paysite, someone who visits that site once could copy the hyperlink and go directly there.
Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Thank you, Newposter & Wullie,

While that is one way of getting the job done (and one I may just have to use if I can't solve my original problem), it is really a seriously insecure solution in this case.

Anybody will be able to get hold of a valid username & password to my directory simply by hovering their mouse over the hyperlink on the particular referer site, and writing down the exposed link details..... Then what? Give it to all their friends, post it on other websites, etc, etc......

Admittedly, the chances of that are not high, but very easily done by even a novice web user.....

Which brings me back to a more secure (though still not totally secure, as a good hacker can trivially forge a referer env.variable) alternative......

So it is back to my original question.....

Can anyone pick the error in the following .htaccess file and tell me how to correct it, please? I repeat, the password function is working fine - but the access based on the referer is not working....


SetEnvIfNoCase Referer "//ssl.paytrack.com/" paytrack_site=1
AuthUserFile /home/virtual/site415/fst/var/
AuthGroupFile /home/virtual/site415/fst/var/
AuthName "Volume 1 download"
AuthType Basic
require group purchaser
Order Allow,Deny
Allow from env=paytrack_site
Satisfy Any
 
Thanks, Wullie, I'll put that in my bag of tools! 8 )
Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
OK, I think perhaps you have to define the referer with the username and password. Try this:

SetEnvIfNoCase Referer "//username:password@ssl.paytrack.com/" paytrack_site=1
AuthUserFile /home/virtual/site415/fst/var/
AuthGroupFile /home/virtual/site415/fst/var/
AuthName "Volume 1 download"
AuthType Basic
require group purchaser
Order Allow,Deny
Allow from env=paytrack_site
Satisfy Any

Just a guess, hope it works.
Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
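
The access decision the two .htaccess variants above ask Apache to make, modelled in Python as an added example (not code from the thread or from Apache itself). The function names, the protected URL at example.test and the sample user are constructed assumptions; the two patterns are the ones posted above.

```python
import base64
import re
from urllib.parse import urlsplit

USERS = {"alice": "s3cret"}  # constructed stand-in for group "purchaser"
P_ORIGINAL = "//ssl.paytrack.com/"                     # pattern from the question
P_USERINFO = "//username:password@ssl.paytrack.com/"  # pattern from the last reply


def browser_referer(from_url, to_url):
    """Referer a conforming browser sends when a link on from_url is followed."""
    src, dst = urlsplit(from_url), urlsplit(to_url)
    # Default browser policy: nothing is sent on an https -> http downgrade.
    if src.scheme == "https" and dst.scheme != "https":
        return None
    # RFC 7231 5.5.2: userinfo and fragment are never included.
    host = src.hostname + (f":{src.port}" if src.port else "")
    query = f"?{src.query}" if src.query else ""
    return f"{src.scheme}://{host}{src.path}{query}"


def decide(pattern, headers):
    """Model SetEnvIfNoCase + 'Allow from env=' + Basic auth under Satisfy Any."""
    # SetEnvIfNoCase: unanchored, case-insensitive regex over the header value.
    if re.search(pattern, headers.get("Referer", ""), re.IGNORECASE):
        return "allowed by referer"
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            user, pw = "", ""
        if user in USERS and USERS[user] == pw:
            return "allowed by password"
    return "401 password prompt"


def visit(pattern, from_url, to_url):
    referer = browser_referer(from_url, to_url)
    return decide(pattern, {"Referer": referer} if referer else {})


if __name__ == "__main__":
    pay = "https://ssl.paytrack.com/thanks"
    print(visit(P_ORIGINAL, pay, "https://example.test/vol1/"))
    print(visit(P_ORIGINAL, pay, "http://example.test/vol1/"))
    print(visit(P_USERINFO, "https://username:password@ssl.paytrack.com/thanks",
                "https://example.test/vol1/"))
    print(decide(P_ORIGINAL, {"Referer": "https://ssl.paytrack.com/"}))
```

Only the first and last cases set paytrack_site. A link followed from an https page to an http one, or a pattern that expects credentials inside the Referer, never matches and falls through to the Basic prompt, while the last case shows the header is accepted on the client's word alone.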
 