I've been trying to configure a website to send a 403 forbidden error unless
the user comes from a specific website/domain, which is a logon page hosted on
another server. Once the user logs on to that page it redirects them to a
WordPress site. The server running WordPress is currently running about 7
websites, utilizing the VirtualHost directive. I've tried to make this work
using Rewrite Conditions/Rules but it's not 100% working. The problem(s) I'm
seeing is that the "ErrorDocument 403 ..." directive is not redirecting the
user to the logon page but it's redirecting to the default Apache test page. If
I start out on the logon page it works fine...I login, it redirects me to the
WordPress site. The next problem I see is that using these Rewrite rules slows
the server down considerably because it's evaluating every single file that the
browser accesses. So my question is, what's the best way to keep users from
accessing the WordPress site if they don't originate from the logon page? I
would much rather accomplish this with Apache than WordPress. Below are my
Rewrite rules:
RewriteEngine On
# this is the domain hosting the login page
RewriteCond %{HTTP_REFERER} !logon_domain.com [NC]
# this is the domain hosting the WordPress site
RewriteCond %{HTTP_REFERER} !wordpress_site.com [NC]
RewriteRule .* - [F]
ErrorDocument 403 http://logon_domain.com/Login.aspx
The last line of my rewrite error log:
forcing responsecode 403 for /var/www/html/...
So based on that line in the error log I would assume it's working....it just
isn't redirecting, and it's slowing the site down.
Any help would be greatly appreciated!
Thanks,
Brad
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
