Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Redirect and Allow  From Another Site?

Posted on 2014-10-02
10
Medium Priority
?
111 Views
Last Modified: 2014-10-18
I have a one-page Drupal site,  https;//mydrupalsitecom/

I only want to allow visitors from https://www.thissite.com/custompage

Any other visitors should be redirected to https://www.thissite.com/

Best in .htacesss or does this need some custom PHP coding to put into Drupal?
0
Comment
Question by:sandshakimi
  • 5
  • 3
  • 2
10 Comments
 
LVL 60

Expert Comment

by:Julian Hansen
ID: 40359115
Something like this - modify IP address to IP of site you want to match against.
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{REMOTE_ADDR} !^192.168.X.X$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359148
Both sites are on same IP.

Can I use URL?
0
 
LVL 60

Expert Comment

by:Julian Hansen
ID: 40359225
Don't think so.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 60

Accepted Solution

by:
Julian Hansen earned 1500 total points
ID: 40359226
Oh - wait - if you want to work on a click through then you can use HTTP_REFERER

This only works if you arrive at the site by clicking a link.

So something like this
Options -Indexes
Options +FollowSymLinks

RewriteEngine on
RewriteBase /

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]
                                          

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40359337
HTTP_REFERER can be set by the request, so if there are any security implications to your design, consider this risk carefully.  Especially carefully if it's a U. S. Government site, since the hacker community will be thrilled to find security lapses.  It's very easy for a 'bot script to look like a Firefox browser, referred by Google, or any other site.
0
 

Author Comment

by:sandshakimi
ID: 40359343
Cool

Can you explain what the code is actually doing?
0
 
LVL 60

Assisted Solution

by:Julian Hansen
Julian Hansen earned 1500 total points
ID: 40359481
# Only these lines are relevant - the others are standard htaccess preamble

#This line is a test condition - it is checking to see if the Referring domain
# is NOT EQUAL to www.theacceptabledomain.com
# it expects regular expression syntax here '^' means start of line
# '$' means end of line
# '!' means NOT 
# %{HTTP_REFERER} is the means for accessing a server variable
# [NC] means make a case insensitive (No Case) comparison)
# So if the referring domain is equal to the one shown then allow the request to proceed

RewriteCond %{HTTP_REFERER} !^www.theacceptabledomain.com$ [NC]


# if it is not equal then fire the rule (RewriteRule)
# Again Regular expression syntax is used
# ^(.*)$ means match everything in the requested URL
# and redirect to http://www.yourdomain.com - you could pass the matched information
# to the URL with this syntax - the $1 means the first matched expression
# RewriteRule ^(.*)$ http://www.yourdomain.com?url=$1 
# [L,R=301] means L this is the last rule - don't do any more processing, R=301 means
# tell the requesting agent this is a 301 redirect (permanently moved)


RewriteRule ^(.*)$ http://www.yourdomain.com/ [L,R=301]

Open in new window

0
 

Author Comment

by:sandshakimi
ID: 40359669
On mydrupalsite.com, what happens when the 1) visitor refreshe the page, or 2) copy/paste URL in a seperate Tab?
0
 
LVL 60

Expert Comment

by:Julian Hansen
ID: 40359743
They will get to the site.

You would need to implement something in the script (php) side of things to record where a client comes from and then continue to block them.

However, that is easily circumvented by clearing the cookies on the machine.

As Ray alluded to in his post - this at best is a convenience - you can't stop people coming to the site if there is an open url to do so.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40360161
If you need to protect data from public exposure, the only sure way is this: Do not put the data on the internet.  Less sure, but the more practical solution that many publishers choose is client authentication, via a username and a password.  
https://www.drupal.org/project/protected_pages
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question