Solved

stop referals

Posted on 2013-05-16
2
150 Views
Last Modified: 2013-06-03
Before I try and spend ages to try and figure this out I thought Id ask first.

My website uses index.php as the main page, all other pages are loaded in via ajax into divs on the main index.php page.

Is it possible using RewriteEngine to block access to everything (including images and php scripts) apart from if called from index.php

Can anyone advise, before I spend ages trying to figure this out?
0
Comment
Question by:tonelm54
2 Comments
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 250 total points
ID: 39172866
What about something in the site / folder definition like :

order allow,deny
<FilesMatch "^(index\.php)?$">
    allow from all
</FilesMatch>
0
 
LVL 26

Accepted Solution

by:
arober11 earned 250 total points
ID: 39198854
Yes, but you may need to look at the Apache access log to see what HTTP_REFERER is set on the Ajax calls, if any, then add something along the following lines to your httpd.conf:

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_REFERER} !(yourdomain\.com|localhost) [NC]
RewriteRule .*      -                 [F,L]

Open in new window


If no HTTP_REFERER is set you'll need to use a cookie instead, and replace the Referer condition with a test to see if a cookie from your site is present e.g. a cookie named: mySitesCookie

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_COOKIE}    mySitesCookie=(.+)  [NC]
RewriteRule .*      -                 [F,L]

Open in new window


Note it's relatively easy for a bot script to forge and send either a fake http header or cookie, so the above isn't fool proof.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The Confluence of Individual Knowledge and the Collective Intelligence At this writing (summer 2013) the term API (http://dictionary.reference.com/browse/API?s=t) has made its way into the popular lexicon of the English language.  A few years ago, …
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now