Posted by Jerry Stuckle on 06/15/07 11:23

Nosferatum wrote:
> Hi, on my Apache server I want to limit access to a certain file ouput
> (from php/MySQL) to just one IP. The idea is that users from another
> site should click a link whic redirects them to my special page on my
> server. Only those who access my page from one particulary URL are
> allowed to see my file. All others are denied.
> Is it possible to solve this with a .htaccess file, or do I need a php
> solution?
>

You can't do it at all. HTTP_REFERER can be faked or may not be sent,
for instance.

You theoretically do something like have a parameter you pass with the
request; it would change once a minute and would only be good for 90
seconds or so. But you'd have to keep the two systems in sync.

Or you could generate a list parameters and make each one good only
once. But you'll have to maintain potentially long lists, and the more
items in the list the better chance of having someone find it. But if
the parameter string is long enough, it won't happen.

A couple of ideas, anyway.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]