prevent access of directory except from certain files with .htaccess?

[kaiman]

Hi Everyone,

 

I have the following script written in PHP that is supposed to stop people from directly accessing a certain directory unless they come from a particular page (contactform.php in this example which is a form processing script that uses header: Location to redirect to the error and success pages).

 

Of course it is falling victim to the fact that most modern browsers  (such as Firefox) don't send HTTP_REFERER information and the variable is left blank. My question is is there a way to do this using an .htaccess file on an Apache WS to bypass the browser altogether. What would something like this look like?

 

Thanks for the help,

 

kaiman

 

PHP Code:

 

<?
$referrer = $_SERVER['HTTP_REFERER'];
// set page that it is okay to view from
if (preg_match("http://www.mydomain.com/scripts/php/contactform.php",$referrer)) {
      header('Location: http://www.mydomain.com/contact/error/');
}
// otherwise redirect to contact page 
else {
      header('Location: http://www.mydomain.com/contact/');
};
?> 

[requinix]

You can't bypass the browser :-\ It's the browser that's making the request to your server in the first place.

 

Your only options are:

- Restrict by referrer. As you know it's not always present, and it's easily forged

- Restrict by IP. Better, but a pain to manage

- Restrict by credentials (eg, username and password). Best