my purpose is to secure a directory. For some reason ("Authentication" should be happen automatically and the user should not notice it) I can't use HTTP AUTH, so that's why I follow this way:
For instance, a image which is in this directory has to be called like this (from the same or another domain):
- Code: Select all
<img src="http://example.com/subdir/image.jpg?auth_string" />
Only calls with this "auth_string" are authorized to get files out of this directory. So my .htaccess looks like this:
- Code: Select all
# is the query_string equal auth_string. If so, set envirnment variable "authenticated" to 1
RewriteEngine On
RewriteCond %{QUERY_STRING} ^auth_string$
RewriteRule ^ - [L,E=authenticated_host:%{HTTP_REFERER}]
# allow only the host which is authorized through RewriteRule above
Order Allow,Deny
Allow from env=authenticated_host
Do you have any idea why it doesn't work. Or maybe a better approach.
Thanks in advance,
Patrick