Hi Rondon, On Fri, Sep 15, 2017 at 12:27 AM, Rondon <[email protected]> wrote: > Hi Folks, > > Sorry to bother you. > My website is using apache at Dreamhost. > > I'm authenticating using a require valid-user at .htaccess > But I need to add more directives to authenticate the access by Referer. > > If the user comes from a specific referer, the user doesn't have to receive > the authentication box and bypass the authentication.
First I must say that it's IMHO not a wise thing to do! Keep in mind that the Referer can be forged at wish one by any user, fooling your authorizations... > > Is that possible? If you really want to though, possibly something like: > > My .htaccess file is: > > AuthName "My Security Area" > AuthType Basic > AuthUserFile /myusersfilepath/ SetEnvIf Referer ^https?://my.referer.host/and/path let_me_in Require env let_me_in > require valid-user in that order. Regards, Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
