The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Prevent direct access to an HTML page
jlsogorb
post Dec 7 2020, 01:14 PM
Post #1





Group: Members
Posts: 1
Joined: 7-December 20
Member No.: 27,675



Hello,
I want to limit the access to an specific web page into my domain. It must be accessible only from the main menu, but not directly.
Is it possible?
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Dec 7 2020, 01:21 PM
Post #2


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 19,780
Joined: 9-August 06
Member No.: 6



No, not easily anyway. And absolutely not with HTML. You can password protect a page (server side), but then login will be required when the link is clicked too. Unless you password protect your whole site and then login will always be required to get to the site at all.

Maybe it would be possible with some server side tricks to check if the user reaches the page be clicking the link and if not redirect him somewhere else. But I'm not sure how that would be done, if possible at all.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Dec 7 2020, 02:25 PM
Post #3


.
********

Group: WDG Moderators
Posts: 8,829
Joined: 10-August 06
Member No.: 7



You could check the Referer HTTP header (with e.g. PHP) to see if its URL originates on your own domain. Sounds like an annoyance to the user though.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Dec 7 2020, 03:49 PM
Post #4


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 19,780
Joined: 9-August 06
Member No.: 6



And that header can be suppressed.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Dec 7 2020, 04:49 PM
Post #5


.
********

Group: WDG Moderators
Posts: 8,829
Joined: 10-August 06
Member No.: 7



Then you'd just treat that user as any external (i.e. not-from-site-menu) arrival.

In theory I guess a return user could spoof a site URL referer in order to circumvent the menu requirement on subsequent visits. Not sure how important the menu requirement is to the OP.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Dec 7 2020, 07:55 PM
Post #6


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 19,780
Joined: 9-August 06
Member No.: 6



QUOTE(Christian J @ Dec 7 2020, 10:49 PM) *

Then you'd just treat that user as any external (i.e. not-from-site-menu) arrival.


If you don't mind that some users won't get the content.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Dec 7 2020, 08:50 PM
Post #7


.
********

Group: WDG Moderators
Posts: 8,829
Joined: 10-August 06
Member No.: 7



That's true, it's the same dilemma as when you're preventing image leeching. But users blocking the Referer are probably very few, and hopefully remember that they're blocking the Referer header in their browsers (not that I do). Also at least some Referer-blocking browser addons let you send out a spoofed Referer based on the current sites domain, and then it should work anyway.




User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Dec 7 2020, 09:13 PM
Post #8


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 19,780
Joined: 9-August 06
Member No.: 6



QUOTE(Christian J @ Dec 8 2020, 02:50 AM) *

That's true, it's the same dilemma as when you're preventing image leeching.


How do you mean?

QUOTE
But users blocking the Referer are probably very few, and hopefully remember that they're blocking the Referer header in their browsers (not that I do). Also at least some Referer-blocking browser addons let you send out a spoofed Referer based on the current sites domain, and then it should work anyway.


Would you really expect that was the problem if you couldn't follow a link? If course if one doesn't mind putting a message up telling people not to block referer.... laugh.gif But even then, how many would bother to change their user settings to be able to use a site?
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Dec 8 2020, 08:46 AM
Post #9


.
********

Group: WDG Moderators
Posts: 8,829
Joined: 10-August 06
Member No.: 7



QUOTE(pandy @ Dec 8 2020, 03:13 AM) *

How do you mean?

To prevent image leeching (hotlinking) sites usually check the referer, and if it's incorrect no image is shown. So, no content for browsers that don't send a referer header.

QUOTE
Would you really expect that was the problem if you couldn't follow a link? If course if one doesn't mind putting a message up telling people not to block referer.... laugh.gif

I guess it'd depend on how the link failed. A message would be helpful.

QUOTE
But even then, how many would bother to change their user settings to be able to use a site?

I guess that depends on how anxious the user is to view that page (I often change browser when a page doesn't work). Some users may go somewhere else, but maybe the OP wouldn't mind that. unsure.gif

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Dec 9 2020, 11:42 AM
Post #10


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 19,780
Joined: 9-August 06
Member No.: 6



QUOTE(Christian J @ Dec 8 2020, 02:46 PM) *

To prevent image leeching (hotlinking) sites usually check the referer, and if it's incorrect no image is shown. So, no content for browsers that don't send a referer header.

Does it work like that? I've never noticed.

QUOTE
QUOTE
Would you really expect that was the problem if you couldn't follow a link? If course if one doesn't mind putting a message up telling people not to block referer.... laugh.gif

I guess it'd depend on how the link failed. A message would be helpful.


Yes, but it would be very odd an unusual. To paraphrase a famous book title - Don't make me confused!
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Dec 9 2020, 05:34 PM
Post #11


.
********

Group: WDG Moderators
Posts: 8,829
Joined: 10-August 06
Member No.: 7



QUOTE(pandy @ Dec 9 2020, 05:42 PM) *

Does it work like that? I've never noticed.

It can be done in .htaccess as well: http://www.javascriptkit.com/howto/htaccess10.shtml (that's what I use myself, had forgotten all about it).

I guess we normally don't notice others using it, unless we hotlink their images into your own sites or forum posts.

QUOTE
To paraphrase a famous book title - Don't make me confused!

True. Most visitors would probably just switch browser or go somewhere else, depedning on how interesting the site was.

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Dec 9 2020, 07:42 PM
Post #12


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 19,780
Joined: 9-August 06
Member No.: 6



I know how to do it. I've just not noticed or relaized it would block browsers that don't send any referer header. But couldn't that be fixed by allowing no referer at all? Sure, some users would get that hotlinked image, but that's better than than one's own users don't get an image. And the hotlinker should remove the image as soon as he realize it didn't work.

But we are getting very off topic now. blush.gif
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Dec 9 2020, 08:06 PM
Post #13


.
********

Group: WDG Moderators
Posts: 8,829
Joined: 10-August 06
Member No.: 7



QUOTE(pandy @ Dec 10 2020, 01:42 AM) *

But couldn't that be fixed by allowing no referer at all?

Yes I think you can do it both ways.

QUOTE
But we are getting very off topic now. blush.gif

No the principle is the same for HTML files.

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 3rd August 2021 - 05:17 AM