www.webdeveloper.com
Results 1 to 2 of 2

Thread: Preventing direct access using htaccess

Hybrid View

  1. #1
    Join Date
    Mar 2005
    Posts
    45

    Preventing direct access using htaccess

    Right now if you use a query in the url bar like this you can get the results without using the captcha on my site.

    http://example.com/results.php?s=google.com&q=1

    I need to make it so that this can only be ran from my site. So somehow if the page header is not from my site they would get sent to the home page of the site

    Something like this script does but I dont know how to make match my sites link pattern

    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC]
    RewriteRule .*\page.php$ http://www.example.com [R,NC]

  2. #2
    Join Date
    Sep 2004
    Posts
    398
    Right now if you use a query in the url bar like this you can get the results without using the captcha on my site.
    Then your CAPTCHA is implemented incorrectly.

    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC]
    RewriteRule .*\page.php$ http://www.example.com [R,NC]
    The HTTP Referer header is unreliable. If you block users typing the URL in the address bar of their browser you will block legitimate users that do not send the Referer header.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles