Richard,
This page might help give some inspiration.
http://www.askapache.com/htaccess/htaccess-fresh.html
It wouldn't be strong protection (but since you don't mind putting the
username / password in the URL I assume you just want basic
protection), but you can use mod_rewrite in some pretty creative ways
to redirect people away based on the URL, query string, cookies,
headers, etc.
For example, a silly example would be the following, which just
rewrites any URL without password=[password1|password2|password3]
(read that as a regular expression "OR").
RewriteEngine On
RewriteBase /my-secret-area/
RewriteCond %{QUERY_STRING} !^.*password=[password1|password2|
password3].*$
RewriteRule .* /my-secret-area/unauthorized.html
Obviously the above isn't scalable (and everyone would share
passwords), but the idea is that anything you can dream up to cram
into the request or query string, you can test for it using a regular
expression in your htaccess file and redirect users away if they fail
the test.
Bob Sneidar wrote:
Just an FYI there are content filters that react to redirects as
well. In this often cruel and unforgiving world it seems the use
of redirects and proxies can wreak havoc with the things we use
to protect ourselves. I am not sure what the solution is, but I
can think of who to blame. ;-)
Good reminder, Bob. Thanks.
I'm not necessarily set on using redirects. Really, any method by
which I can protect a directory from most users while granting
access to some would work for me, provided that whatever means I use
can pass the login into in the URL. I'm even good with doing this
in a CGI if only I could figure out the trick to protecting the
directory....
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
