Solved

Redirect and Allow  From Another Site?

Posted on 2014-10-02
10
83 Views
Last Modified: 2014-10-18
I have a one-page Drupal site,  https;//mydrupalsitecom/

I only want to allow visitors from https://www.thissite.com/custompage

Any other visitors should be redirected to https://www.thissite.com/

Best in .htacesss or does this need some custom PHP coding to put into Drupal?
0
Comment
Question by:sandshakimi
  • 5
  • 3
  • 2
10 Comments
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 40359115
Something like this - modify IP address to IP of site you want to match against.
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{REMOTE_ADDR} !^192.168.X.X$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359148
Both sites are on same IP.

Can I use URL?
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 40359225
Don't think so.
0
 
LVL 51

Accepted Solution

by:
Julian Hansen earned 500 total points
ID: 40359226
Oh - wait - if you want to work on a click through then you can use HTTP_REFERER

This only works if you arrive at the site by clicking a link.

So something like this
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]
                                          

Open in new window

0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40359337
HTTP_REFERER can be set by the request, so if there are any security implications to your design, consider this risk carefully.  Especially carefully if it's a U. S. Government site, since the hacker community will be thrilled to find security lapses.  It's very easy for a 'bot script to look like a Firefox browser, referred by Google, or any other site.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:sandshakimi
ID: 40359343
Cool

Can you explain what the code is actually doing?
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 500 total points
ID: 40359481
# Only these lines are relevant - the others are standard htaccess preamble

#This line is a test condition - it is checking to see if the Referring domain
# is NOT EQUAL to www.theacceptabledomain.com
# it expects regular expression syntax here '^' means start of line
# '$' means end of line
# '!' means NOT 
# %{HTTP_REFERER} is the means for accessing a server variable
# [NC] means make a case insensitive (No Case) comparison)
# So if the referring domain is equal to the one shown then allow the request to proceed

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]


# if it is not equal then fire the rule (RewriteRule)
# Again Regular expression syntax is used
# ^(.*)$ means match everything in the requested URL
# and redirect to http://www.yourdomain.com - you could pass the matched information
# to the URL with this syntax - the $1 means the first matched expression
# RewriteRule ^(.*)$ http://www.yourdomain.com?url=$1 
# [L,R=301] means L this is the last rule - don't do any more processing, R=301 means
# tell the requesting agent this is a 301 redirect (permanently moved)


RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359669
On mydrupalsite.com, what happens when the 1) visitor refreshe the page, or 2) copy/paste URL in a seperate Tab?
0
 
LVL 51

Expert Comment

by:Julian Hansen
ID: 40359743
They will get to the site.

You would need to implement something in the script (php) side of things to record where a client comes from and then continue to block them.

However, that is easily circumvented by clearing the cookies on the machine.

As Ray alluded to in his post - this at best is a convenience - you can't stop people coming to the site if there is an open url to do so.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40360161
If you need to protect data from public exposure, the only sure way is this: Do not put the data on the internet.  Less sure, but the more practical solution that many publishers choose is client authentication, via a username and a password.  
https://www.drupal.org/project/protected_pages
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now