Re: [users@httpd] Directory access control by referer and password auth

2012-12-26 Thread Nick Kew
On 26 Dec 2012, at 11:28, Andrey Utkin wrote: > Anyone? See http://httpd.apache.org/docs/2.4/mod/core.html#if -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h..

Re: [users@httpd] Directory access control by referer and password auth

2012-12-26 Thread Andrey Utkin
2012/12/25 Andrey Utkin : > 2012/12/25 Wade Evans : >> Are you certain that this will suit your security needs? HTTP_REFERRER is >> easy to spoof... > > Yes. Thanks for asking, the possibility of spoofing is understood, > nothing top secret is portected. Anyone? -- Andrey Utkin ---

Re: [users@httpd] Directory access control by referer and password auth

2012-12-24 Thread Wade Evans
Are you certain that this will suit your security needs? HTTP_REFERRER is easy to spoof... On Mon, Dec 24, 2012 at 5:10 PM, Andrey Utkin < andrey.krieger.ut...@gmail.com> wrote: > I need to control access to particular directory with following logics: > if HTTP_REFERER is certain site (but no

[users@httpd] Directory access control by referer and password auth

2012-12-24 Thread Andrey Utkin
I need to control access to particular directory with following logics: if HTTP_REFERER is certain site (but not the same as in requested document URL), then grant access; else, authorize by password (i.e. pass basic authentication) Reading apache 2.4 docs i found there's new directive "If", which