Solved

Redirect and Allow  From Another Site?

Posted on 2014-10-02
10
97 Views
Last Modified: 2014-10-18
I have a one-page Drupal site,  https;//mydrupalsitecom/

I only want to allow visitors from https://www.thissite.com/custompage

Any other visitors should be redirected to https://www.thissite.com/

Best in .htacesss or does this need some custom PHP coding to put into Drupal?
0
Comment
Question by:sandshakimi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 57

Expert Comment

by:Julian Hansen
ID: 40359115
Something like this - modify IP address to IP of site you want to match against.
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{REMOTE_ADDR} !^192.168.X.X$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359148
Both sites are on same IP.

Can I use URL?
0
 
LVL 57

Expert Comment

by:Julian Hansen
ID: 40359225
Don't think so.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 57

Accepted Solution

by:
Julian Hansen earned 500 total points
ID: 40359226
Oh - wait - if you want to work on a click through then you can use HTTP_REFERER

This only works if you arrive at the site by clicking a link.

So something like this
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]
                                          

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40359337
HTTP_REFERER can be set by the request, so if there are any security implications to your design, consider this risk carefully.  Especially carefully if it's a U. S. Government site, since the hacker community will be thrilled to find security lapses.  It's very easy for a 'bot script to look like a Firefox browser, referred by Google, or any other site.
0
 

Author Comment

by:sandshakimi
ID: 40359343
Cool

Can you explain what the code is actually doing?
0
 
LVL 57

Assisted Solution

by:Julian Hansen
Julian Hansen earned 500 total points
ID: 40359481
# Only these lines are relevant - the others are standard htaccess preamble

#This line is a test condition - it is checking to see if the Referring domain
# is NOT EQUAL to www.theacceptabledomain.com
# it expects regular expression syntax here '^' means start of line
# '$' means end of line
# '!' means NOT 
# %{HTTP_REFERER} is the means for accessing a server variable
# [NC] means make a case insensitive (No Case) comparison)
# So if the referring domain is equal to the one shown then allow the request to proceed

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]


# if it is not equal then fire the rule (RewriteRule)
# Again Regular expression syntax is used
# ^(.*)$ means match everything in the requested URL
# and redirect to http://www.yourdomain.com - you could pass the matched information
# to the URL with this syntax - the $1 means the first matched expression
# RewriteRule ^(.*)$ http://www.yourdomain.com?url=$1 
# [L,R=301] means L this is the last rule - don't do any more processing, R=301 means
# tell the requesting agent this is a 301 redirect (permanently moved)


RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359669
On mydrupalsite.com, what happens when the 1) visitor refreshe the page, or 2) copy/paste URL in a seperate Tab?
0
 
LVL 57

Expert Comment

by:Julian Hansen
ID: 40359743
They will get to the site.

You would need to implement something in the script (php) side of things to record where a client comes from and then continue to block them.

However, that is easily circumvented by clearing the cookies on the machine.

As Ray alluded to in his post - this at best is a convenience - you can't stop people coming to the site if there is an open url to do so.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40360161
If you need to protect data from public exposure, the only sure way is this: Do not put the data on the internet.  Less sure, but the more practical solution that many publishers choose is client authentication, via a username and a password.  
https://www.drupal.org/project/protected_pages
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question