Home > Software engineering >  403 forbidden while trying to open a webpage on a website from another website
403 forbidden while trying to open a webpage on a website from another website

Time:04-05

I have hosted a static webpage on Gitlab pages. The URL of the webpage is myname.gitlab.io

I have another website hosted with hostgator which has the URL "mysecondwebsite.com". "mysecondwebsite.com" has thousands of static html pages hosted on the various paths like "mysecondwebsite.com/charts/folder1/1.html", "mysecondwebsite.com/charts/folder1/2.html", "mysecondwebsite.com/charts/folder1/3.html" & so on.

I don't want "mysecondwebsite.com" to be accessible directly nor the pages in it. Hence, I've enabled hotlink protection which works as expected. Now, I also want to allow access to "mysecondwebsite.com" ONLY FROM myname.gitlab.io. This website has list of hyperlinks which when clicked should open anapprpriate page in "mysecondwebsite.com". To achieve this, I've entered the following in .htaccess file on hostgator which isn't helping. I see 403 forbidden

# IP to allow
order allow,deny
deny from all
allow from gitlab.io

Current hotlink protection settings -

# DO NOT REMOVE THIS LINE AND THE LINES BELOW HOTLINKID:r2xGl7fjrh
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysecondwebsite.com/.*$      [NC]
RewriteRule .*\.(.*|jpg|jpeg|gif|png|bmp|tiff|avi|mpeg|mpg|wma|mov|zip|rar|exe|mp3|pdf|swf|psd|txt|html|htm|php)$ https://mysecondwebsite.com [R,NC]
# DO NOT REMOVE THIS LINE AND THE LINES ABOVE r2xGl7fjrh:HOTLINKID

I am in no way an expert with web hosting. Please could I get some help to get this working.

UDPATED htaccess

Options All -Indexes


RewriteEngine on
RewriteCond %{HTTP_REFERER} !somename\.gitlab\.io [NC]
RewriteRule .* - [F]

CodePudding user response:

allow from gitlab.io doesn't work on the http referer header like you seem to be expecting. Rather it works based on the IP address of user making the request.

Instead you want to use something that checks the referer and denies access when it doesn't contain myname.gitlab.io or your own website's host name. You can do that with mod_rewrite by placing the following in your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://((myname\.gitlab\.io)|((www\.)?mysecondwebsite\.com))/ [NC]
RewriteRule .* - [F]

This would allow referrers from your gitlab site, and would then allow those pages to fetch further resources such as images, js, and css. In this rule:

  • RewriteEngine on - turns on rewrites, this needs to be specified once in your .htaccess and is shared between all the rewrite rules and conditions
  • RewriteCond - specifies a condition for the next rewrite rule
  • ! says that the following regular expression should be negated (not matched)
  • ^ is the beginning of the regular expression
  • NC is "no case" meaning that this rule is case insensitive and will work for both upper-case and lower-case input
  • RewriteRule is the actual rule
  • .* says that it matches all URLs (in this case the condition specified above it what matters)
  • - means that there is no destination URL
  • F says that it should show the "forbidden" status as opposed to redirecting or internally changing the URL.

The problem with this approach is that it will forbid some requests that actually are referred from gitlab. Not all browsers actually send a referer header in all circumstances.

Page link:https//www.codepudding.com/Softwareengineering/361219.html

Prev:Seeking isolated indices using Python
Next:Return an element from a function (Kotlin)
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding