Hi Yann, But I need to have both working.. By Referer bypass the user authentication if Referer is different it needs the user authentication.
Cheers, Rondon --------------------------------------------------------------------------------------------- Your life is shaped by your mind and you become what you think. Dhampada - Twin Verses. 2017-09-16 14:46 GMT-03:00 Yann Ylavic <ylavic....@gmail.com>: > Hi Rondon, > > On Fri, Sep 15, 2017 at 12:27 AM, Rondon <djron...@gmail.com> wrote: > > Hi Folks, > > > > Sorry to bother you. > > My website is using apache at Dreamhost. > > > > I'm authenticating using a require valid-user at .htaccess > > But I need to add more directives to authenticate the access by Referer. > > > > If the user comes from a specific referer, the user doesn't have to > receive > > the authentication box and bypass the authentication. > > First I must say that it's IMHO not a wise thing to do! > Keep in mind that the Referer can be forged at wish one by any user, > fooling your authorizations... > > > > > Is that possible? > > If you really want to though, possibly something like: > > > > > My .htaccess file is: > > > > AuthName "My Security Area" > > AuthType Basic > > AuthUserFile /myusersfilepath/ > > SetEnvIf Referer ^https?://my.referer.host/and/path let_me_in > Require env let_me_in > > require valid-user > > in that order. > > > Regards, > Yann. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
