July 15, 2008 - 5:52pm
Ammoratti @ Jul 15
I'm building a site for a client who wishes to have a private forum installed in a particular directory (let's call it "subdirectory"), and make that directory impervious to external linking. He does not plan to advertise its existence publicly, and if someone should try to link to anything within that directory, he wants all visitors to be redirected to the homepage instead.
In other words, the only way to get to the forum would be either via a desktop shortcut, a link from within the domain, or by directly typing the address in the address bar of a browser. The server I'm using is Unix-based and runs apache. Can anyone suggest a good way to do this?
The only way to know from where the user is coming is the HTTP Referrer header sent by the client (user's browser), and this is extremely unreliable.
1) It is easily spoofed
2) It is often stripped from the request outbound from the user's computer by software like Norton Internet Security Suite
This is further complicated by the fact that you want a combination of different approaches which conflict enough that when combined with the unreliability it becomes useless to bother.
1) Desktop shortcut: no referrer would be present
2) Directly typed: no referrer would be present
3) Linked from within site: Referrer would from your domain
So you'd have to allow for no referrer AND for referrers containing your domain. Given that programs often strip the referrer, lots of people would be let in who shouldn't. Further combining the easy spoofing of referrer, lots of people could come in from improper approaches.
So if your client expects this to be enforceable, you're out of luck. If this is just a helpful feature he wants added but can live with the fact that it is easily bypassed, then the following (untested) code should work in a .htaccess file in your "subdirectory" if your server has mod_rewrite installed and allows overrides (.htaccess):
CODE
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)*mydomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule ^ http://www.mydomain.com/ [R=302,L]
July 16, 2008 - 11:48pm
Many of the readily available
Many of the readily available forums allow for private forums, requiring a login to access the posts within. Most also allow for a mix of public and private forums, depending on your needs. If someone where to have access to the private posts and link to them, any other visitor would be caught by the login requirements. If you are writing your own, you could add this in, or use an htaccess directive to require a username/password for accessing anything in that subdirectory.
I'm building a site for a client who wishes to have a private forum installed in a particular directory (let's call it "subdirectory"), and make that directory impervious to external linking. He does not plan to advertise its existence publicly, and if someone should try to link to anything within that directory, he wants all visitors to be redirected to the homepage instead.
In other words, the only way to get to the forum would be either via a desktop shortcut, a link from within the domain, or by directly typing the address in the address bar of a browser. The server I'm using is Unix-based and runs apache. Can anyone suggest a good way to do this?