Is it possible to allow traffic from only one site per page?

Question

Is it possible to allow traffic from only one site per page?

I've been banging my head on this for several weeks now. I have a page that we want to get only from another domain. Is this possible with PHP or .htaccess? Ive posted a couple of attempts to do this here, nothing works. Please, help!

<?php

$allowed_domains = array('dirtybirddesignlab.com','foo.com');

$REFERRER = $_SERVER['HTTP_REFERER'];

if ($REFERRER == '') {
    exit(header('Location: 404.php'));
}

$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));

if (!in_array($domain, $allowed_domains)) {
    exit(header('Location:404.php'));
}

?>

+3

php .htaccess

Dirty bird design Mar 10 '11 at 2:02

source share

3 answers

- :

<?php
$allowed = array("xxx.xxx.xxx.xxx", "xxx.xxx.xxx.xxx");
$ip = $REMOTE_ADDR;
if(!in_array($ip, $allowed))
{
header("Location: index.php"); 
exit;
}
?>

xxx.xxx.xxx.xxx ip- ?

IP- , , , .

, , :

<?php
$referer = $_SERVER['HTTP_REFERER'];
$referer_parse = parse_url($referer);

if($referer_parse['host'] == "mysite.com" || $referer_parse['host'] == "www.mysite.com") {
     // download...
} else {
     header("Location: http://www.mysite.com");
     exit();
}
?>

+2

Braddles 10 . '11 2:03

Try the following with .htaccess.

order allow, deny
deny from all
Allow from "domain allow without www"

if the domain name does not work, try
Allow with "IP Address"

Exclude "" in the actual file.

+1

GeneK Mar 10 '11 at 2:12

source share

Jared Farrish · Accepted Answer · 2011-03-10T02:44:10+0000

To expand my comment, see the block if ($REFERRER == '').

<?php

$allowed_domains = array('mydomain.com','yourdomain.com');

$REFERRER = $_SERVER['HTTP_REFERER'];

if ($REFERRER == '') {
    // What do you do here?
}

$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));

if (!in_array($domain, $allowed_domains)) {
    exit(header('Location: error.php'));
}

?>

Please note that the above will be skipped to always refer to those browsers that did not report that the referrer is redirected to the error.php page.

My suggestion is to do something like ...

Generate salt, share with another server ($ dsalt = output something like puttygen.exe )
- $dkey = sha1 ($ dsalt.date('mDY G'))
$dkey , http://www.mydomain.com/getstuff-ajax.php?key= $dkey"
$dkey GET .

...

<?php

$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
         "H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
         "lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
         "UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";

$dkey = sha1($dsalt.date('mDY G'));

// ... Other stuff or whatnot, possible the above is also just an include file

// Then, they use it...

echo "<a href=\"http://yourdomain.com/download.php?key=$dkey\">Download stuff</a>";

?>

- ('/path/to/domaincheck.php')

<?php

$dkey = $_GET['key'];

$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
         "H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
         "lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
         "UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";

if (sha1($dsalt.date('mDY G')) != $dkey) {
    exit(header('Location: error.php'));
}

?>

, $dsalts . puttgen.exe.

- . , , -. $dkey (, ).

theirserver.com yourserver.com

, , , ,
to (re) ,

yourserver.com (),

Is it possible to allow traffic from only one site per page?

More articles: