Webmaster Workshop
The Beginner's Guides Section

Front Page  Forums    Contact Us   Terms of Use   How To Guides  Resource Center


Hyperseek Search Engine
Ready to play with the big boys?


GUIDES
GENERAL

Choosing a Host

Hosting Terminology

Protection of contents


SCRIPTING

Beginners Guide to Telnet

Basic UNIX Commands

CHMOD and setting
permissions Guide

Basic guide to CRONTAB

Basic Guide to Paths
Protection of contents

 

Protecting your sites contents on a UNIX server

Protecting your contents from hot linking and unauthorized access of membership areas is quite easily carried out on a UNIX operating system server.

This is setup in two easy steps.

Firstly you need to put all the contents you want protecting in a separate directory so you in effect have the top level area where anyone can gain access with your login page as well.And then your membership area with all your contents and subdirectories  that need protecting.

Then all your contents after the login page are in your protected directories. Ensure you have no direct links between the two areas other than the login page.

A typical layout would look like this

Your Public Area

yourdomain.com/index.html
yourdomain.com/publicpages.html
yourdomain.com/login.html
yourdomain.com/images/header.gif

Your Membership Area

yourdomain.com/membersarea/index.html
yourdomain.com/membersarea/contentpage1.html
yourdomain.com/membersarea/images/image.gif
yourdomain.com/membersarea/banners/banner1.jpg

Once you have the pages and directories setup and if you have htaccess setup on your server (ask your host to do this if not) Then create your access protection file as follows.

Second step

You now need to create a htaccess file . To do this open your text editor and type in the following adjusting the domain names to suit your server.


AuthUserFile /dev/null

AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com
RewriteCond %{HTTP_REFERER} !^http://your-ip-number
RewriteCond %{HTTP_REFERER} !^http://your-authorisation-service-domain.com

RewriteRule /* http://yourdomain.com/loginpage.html [R,L]


Save the file as .htaccess in plain text (ascii)
 
( Note the point before htaccess and there is no file extension

The first three lines of the RewriteCond  lines if your domain name was golden.net at the IP address 201.305.12.45

would read as follows

RewriteCond %{HTTP_REFERER} !^http://www.golden.net
RewriteCond %{HTTP_REFERER} !^http://golden.net
RewriteCond %{HTTP_REFERER} !^http://
201.305.12.45

The next line you would only use if you are using an external service to verify your members such as an AVS service. So if for example your AVS service was AgeCheck the line would read like this

RewriteCond %{HTTP_REFERER} !^http://www.agecheck.com

The last line is the page you want someone taken to if they try to access one of your protected files directly so if you wanted them to go to your login page it might read like this

RewriteRule /* http://www.golden.net/login.html [R,L]

All you need to do now is upload the file in ascii (text) mode to the directory you want to protect

e.g. To protect the directory members and all it's contents including any sub directories and their contents you need only to upload the file .htaccess to the members directory.

How it works

The key to how this works is the ^ symbol in the RewriteCond which means that the referring URL must start with the exact same symbols, letters or numbers after the symbol or it will send you to the page setup in the RewriteRule.

So if they do not come from your site they cannot bypass your login. No hotlinking no   bookmarking or no typing in of page URL's will work just it will send them to  the page you setup in the ReWriteRule

 

 


This site design and content is Copyright 2000-2005 by
Webmaster Workshop.com
Also the content supplied by other organizations is subject to their
respective Trade Marks and Copyright Policies

Webmaster