Hello,
I want to limit the access to an specific web page into my domain. It must be accessible only from the main menu, but not directly.
Is it possible?

No, not easily anyway. And absolutely not with HTML. You can password protect a page (server side), but then login will be required when the link is clicked too. Unless you password protect your whole site and then login will always be required to get to the site at all.

Maybe it would be possible with some server side tricks to check if the user reaches the page be clicking the link and if not redirect him somewhere else. But I'm not sure how that would be done, if possible at all.

You could check the Referer HTTP header (with e.g. PHP) to see if its URL originates on your own domain. Sounds like an annoyance to the user though.

And that header can be suppressed.

Then you'd just treat that user as any external (i.e. not-from-site-menu) arrival.

In theory I guess a return user could spoof a site URL referer in order to circumvent the menu requirement on subsequent visits. Not sure how important the menu requirement is to the OP.

If you don't mind that some users won't get the content.

That's true, it's the same dilemma as when you're preventing image leeching. But users blocking the Referer are probably very few, and hopefully remember that they're blocking the Referer header in their browsers (not that I do). Also at least some Referer-blocking browser addons let you send out a spoofed Referer based on the current sites domain, and then it should work anyway.

How do you mean?



Would you really expect that was the problem if you couldn't follow a link? If course if one doesn't mind putting a message up telling people not to block referer.... But even then, how many would bother to change their user settings to be able to use a site?

To prevent image leeching (hotlinking) sites usually check the referer, and if it's incorrect no image is shown. So, no content for browsers that don't send a referer header.


I guess it'd depend on how the link failed. A message would be helpful.


I guess that depends on how anxious the user is to view that page (I often change browser when a page doesn't work). Some users may go somewhere else, but maybe the OP wouldn't mind that.

Does it work like that? I've never noticed.



Yes, but it would be very odd an unusual. To paraphrase a famous book title - Don't make me confused!

It can be done in .htaccess as well: http://www.javascriptkit.com/howto/htaccess10.shtml (that's what I use myself, had forgotten all about it).

I guess we normally don't notice others using it, unless we hotlink their images into your own sites or forum posts.


True. Most visitors would probably just switch browser or go somewhere else, depedning on how interesting the site was.

I know how to do it. I've just not noticed or relaized it would block browsers that don't send any referer header. But couldn't that be fixed by allowing no referer at all? Sure, some users would get that hotlinked image, but that's better than than one's own users don't get an image. And the hotlinker should remove the image as soon as he realize it didn't work.

But we are getting very off topic now.

Yes I think you can do it both ways.


No the principle is the same for HTML files.