Deny direct request using .htaccess
Is there any way to use 开发者_如何学JAVA.htaccess to deny direct Request to a specific part of my website e.g. www.example.com/XXXXX
I only want to allow Referer only to XXXXXX. I know that I have to use HTTP_REFERER somehow to accomplish my goal but currently I am using other .htaccess rules and not sure how to combine all rules together. This is what I have right now in my .htaccess
Options +FollowSymlinks RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^/]+)$ /index.php?page=$1 [QSA,L]
First of, am not sure i understand correctly your question, but i give it a try anyway.
Currently you have:
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)$ /index.php?page=$1 [QSA,L]
What you'd need in addition is:
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP_REFERER} !^http://your-domain\.tld/.*$ [NC]
RewriteRule XXXXXX/(.*)$ - [F,NC,L]
.htaccess RewriteRule
's are checked in the order they occur, so you might want to do something like this, although I stand corrected because haven't had a chance to check if it'd work:
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^([^/]+)$ /index.php?page=$1 [QSA]
RewriteCond %{HTTP_REFERER} !^http://your-domain\.tld/.*$ [NC]
RewriteRule XXXXXX/(.*)$ - [F,NC,L]
That is, first check if it's an argumented file named index.php which should be rewritten, if not (no L
flag), go on for the next rule first grabbing a new condition, then if the rule validates, restrict access (throw HTTP 403).
Does this make sense? Anyway, please experiment with the above .htaccess example because as I said, I couldn't test it.
精彩评论