Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Redirect and Allow  From Another Site?

Posted on 2014-10-02
10
Medium Priority
?
115 Views
Last Modified: 2014-10-18
I have a one-page Drupal site,  https;//mydrupalsitecom/

I only want to allow visitors from https://www.thissite.com/custompage

Any other visitors should be redirected to https://www.thissite.com/

Best in .htacesss or does this need some custom PHP coding to put into Drupal?
0
Comment
Question by:sandshakimi
  • 5
  • 3
  • 2
10 Comments
 
LVL 61

Expert Comment

by:Julian Hansen
ID: 40359115
Something like this - modify IP address to IP of site you want to match against.
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{REMOTE_ADDR} !^192.168.X.X$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359148
Both sites are on same IP.

Can I use URL?
0
 
LVL 61

Expert Comment

by:Julian Hansen
ID: 40359225
Don't think so.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 61

Accepted Solution

by:
Julian Hansen earned 1500 total points
ID: 40359226
Oh - wait - if you want to work on a click through then you can use HTTP_REFERER

This only works if you arrive at the site by clicking a link.

So something like this
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]
                                          

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40359337
HTTP_REFERER can be set by the request, so if there are any security implications to your design, consider this risk carefully.  Especially carefully if it's a U. S. Government site, since the hacker community will be thrilled to find security lapses.  It's very easy for a 'bot script to look like a Firefox browser, referred by Google, or any other site.
0
 

Author Comment

by:sandshakimi
ID: 40359343
Cool

Can you explain what the code is actually doing?
0
 
LVL 61

Assisted Solution

by:Julian Hansen
Julian Hansen earned 1500 total points
ID: 40359481
# Only these lines are relevant - the others are standard htaccess preamble

#This line is a test condition - it is checking to see if the Referring domain
# is NOT EQUAL to www.theacceptabledomain.com
# it expects regular expression syntax here '^' means start of line
# '$' means end of line
# '!' means NOT 
# %{HTTP_REFERER} is the means for accessing a server variable
# [NC] means make a case insensitive (No Case) comparison)
# So if the referring domain is equal to the one shown then allow the request to proceed

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]


# if it is not equal then fire the rule (RewriteRule)
# Again Regular expression syntax is used
# ^(.*)$ means match everything in the requested URL
# and redirect to http://www.yourdomain.com - you could pass the matched information
# to the URL with this syntax - the $1 means the first matched expression
# RewriteRule ^(.*)$ http://www.yourdomain.com?url=$1 
# [L,R=301] means L this is the last rule - don't do any more processing, R=301 means
# tell the requesting agent this is a 301 redirect (permanently moved)


RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359669
On mydrupalsite.com, what happens when the 1) visitor refreshe the page, or 2) copy/paste URL in a seperate Tab?
0
 
LVL 61

Expert Comment

by:Julian Hansen
ID: 40359743
They will get to the site.

You would need to implement something in the script (php) side of things to record where a client comes from and then continue to block them.

However, that is easily circumvented by clearing the cookies on the machine.

As Ray alluded to in his post - this at best is a convenience - you can't stop people coming to the site if there is an open url to do so.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40360161
If you need to protect data from public exposure, the only sure way is this: Do not put the data on the internet.  Less sure, but the more practical solution that many publishers choose is client authentication, via a username and a password.  
https://www.drupal.org/project/protected_pages
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question