avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday March 4, 2024, 2:31 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: HTACCESS file correct wording to prevent outside access but allow internal links  (Read 2318 times)


  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 570
  • Fighting Slime all the Time
    • View Profile
    • Donate to Member
On a website I have been working on, I recently got some help for a chat room from as very nice user here.  The program called Microchat (which I highly recommend to anyone who might need a standalone minimalist environment.  It was great advice and I appreciate it) (Sorry "App103"  it was you I think.  Give credit where it is due  :)

On my website i now am able to provide a link to  the microchat folder inside the parent folder.  So far, they have to leave one page to go to the other but I got it to open a tab instead of a page so getting back is easy.  The problem is that while inside the microchat folder, the displayed web-address can be copied and used to re-enter the microchat room without going through the main name/password log in.  Normally I would use htaccess  with the usual "order deny, allow.." ect.  But it would be more practical if it redirected them to the login page if they tried to "sneak in the back door"   :).  

I tried to use a normal htaccess redirect that i have used before but on this one it did nothing at all.  Pasting the link into a browser addressbar allowed me outside access going to the Microchat subfolder insider the website with no problem.  Not good as that bypasses all security  Since all the pages inside the site must have a link to allow the logged-in users to make use of the chat room, it has to allow at least inside access (from the main site directory to the Microchat subdirectory) but anyone trying to later reuse the displayed link in an address-bar needs to be blocked.  Either redirected to the login page or a 403 Access not permitted. or any suitable "Keep Out Message"    :)

I tried a couple of htaccess files I have used in the past but they did not seem to help, probably because I don't know what I'm doing  :)  But.  I'm getting there.
« Last Edit: October 06, 2013, 11:35 PM by questorfla, Reason: credit a user with her help »