[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: .htaccess authorization on referer




that syntax is certainly a throw back from what i am used to seeing. i 
took my queue from:

  http://hoohoo.ncsa.uiuc.edu/docs/setup/srm/AccessFileName.html

where did you see this syntax? i'd like to look at those docs.

thanks! -c

On Mon, 17 Dec 2001, Danny Sauer wrote:

> On Mon, Dec 17, 2001 at 02:18:19PM -0600, charles@lunarmedia.net wrote:
> > i'm working on getting a .htaccess file to authenticate based on a referer 
> > url. i have:
> > 
> > <Limit GET>                                                                
> >   order deny,allow
> >   deny from all
> >     referer allow from http://yourdomain.com/*
> >     OnDeny http://yourdomain.com/warningpage.htm
> > </Limit> 
> > 
> > i'm getting the following error when i try using this syntax for auth:
> > 
> >   Invalid command 'referer', perhaps mis-spelled or defined by a module 
> >   not included in the server configuration
> > 
> > is my syntax incorrect? or does it rely on a module? and if so does anyone 
> > know which so i can verify its in my config?
> 
> I'm pretty sure that's incorrect syntax...  What you probably want is more
> like this, assuming you have the mod_setenvif module set up (it's a base
> module):
> 
> SetEnvIfNoCase Referer "^http://yourdomain\.com/" good_referer=1
> order allow,deny
> allow from env=good_referer
> OnDeny http://yourdomain.com/warningpage.htm
> 
> In a .htaccess, you really don't need the <Limit> container, BTW, unless you
> want GET/POST/HEAD/etc treated differently - which you usually don't (but
> might, I guess, if you use a POST login page that redirects to a GET page
> later).  If you do use a limit, leave the setenvif outside of the container.
> 
> --Danny
> 
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
> 


-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.