sandshakimi
asked on
Redirect and Allow From Another Site?
I have a one-page Drupal site, https;//mydrupalsitecom/
I only want to allow visitors from https://www.thissite.com/custompage
Any other visitors should be redirected to https://www.thissite.com/
Best in .htacesss or does this need some custom PHP coding to put into Drupal?
I only want to allow visitors from https://www.thissite.com/custompage
Any other visitors should be redirected to https://www.thissite.com/
Best in .htacesss or does this need some custom PHP coding to put into Drupal?
ASKER
Both sites are on same IP.
Can I use URL?
Can I use URL?
Don't think so.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
HTTP_REFERER can be set by the request, so if there are any security implications to your design, consider this risk carefully. Especially carefully if it's a U. S. Government site, since the hacker community will be thrilled to find security lapses. It's very easy for a 'bot script to look like a Firefox browser, referred by Google, or any other site.
ASKER
Cool
Can you explain what the code is actually doing?
Can you explain what the code is actually doing?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
On mydrupalsite.com, what happens when the 1) visitor refreshe the page, or 2) copy/paste URL in a seperate Tab?
They will get to the site.
You would need to implement something in the script (php) side of things to record where a client comes from and then continue to block them.
However, that is easily circumvented by clearing the cookies on the machine.
As Ray alluded to in his post - this at best is a convenience - you can't stop people coming to the site if there is an open url to do so.
You would need to implement something in the script (php) side of things to record where a client comes from and then continue to block them.
However, that is easily circumvented by clearing the cookies on the machine.
As Ray alluded to in his post - this at best is a convenience - you can't stop people coming to the site if there is an open url to do so.
If you need to protect data from public exposure, the only sure way is this: Do not put the data on the internet. Less sure, but the more practical solution that many publishers choose is client authentication, via a username and a password.
https://www.drupal.org/project/protected_pages
https://www.drupal.org/project/protected_pages
Open in new window