-1

On my website, I have the following files:

  • index.html
  • apple.html
  • banana.html
  • pear.html

index.html has links to the three other pages.

What is the easiest way to block access to the 3 pages (apple.html/banana.html/pear.html) unless their referrer came from a page which was on my website?

I have seen solutions where people put their website domain as the only referrer allowed. The problem with this is that I would have to set my domain every time, since I might upload my website to 10 different domains.

Is there any way to code the .htaccess so that it automatically detects the website domain where it's kept and use that as a reference to which referrer needs to be allowed?

β.εηοιτ.βε
  • 33,893
  • 13
  • 69
  • 83
burnik
  • 7
  • 1
  • The question is unclear. What do you mean by "referrer"? – XCS May 23 '20 at 23:46
  • Do you want to only alllow `site.com/index.html -> site.com/apple.html` and no direct `site.com/apple.html` access? – XCS May 23 '20 at 23:47
  • Also, when you mean "block". What's the reason behind the blocking? Is it for security? I don't think you can achieve this in any way without it being able to be "hacked" somehow. If security is not important, you could use JS and store data in `sessionStorage`. – XCS May 23 '20 at 23:48
  • In a RewriteCond, you have access to several environment variables, such as HTTP_HOST or SERVER_NAME. – CBroe May 25 '20 at 08:09

1 Answers1

0

You can try this. This will check referer is present or not, After it will compare it with current domain. If referer is different then it is from outside referer

{
   if ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']))) 
       {
          if (strtolower(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)) != strtolower($_SERVER['HTTP_HOST'])) 
            {
             // referer not from this domain. !! Access Denied  
            }
       }
}
NayanDZ
  • 1
  • 3