I’ve just setup an HTTP Redirect from www.philihp.com to www.philihp.com/blog. This makes it so people don’t see my ugly project listing when they come here, they go right to the blog. I still wanted people to be able to go to the root path, though, because a lot of times whenever I put some small project, gizmo, or widget up, I’ll just stuff it in a new directory from the root path. I settled on allowing only listing when the HTTP header value HTTP_REFERER begins with a path from my blog.
To replicate this again elsewhere, create an .htaccess file in your root directory and put in it (or it if it exists, append to it) the following:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.philihp.com/ [NC]
RewriteRule ^$ /blog/ [R,L]
The first line turns mod_rewrite on. It’s off by default to make serving static files very fast, but mod_rewrite is very fast, and we need it anyway, so turn it on. RewriteRules come in chunks, where every RewriteRule has the RewriteConditions that came immediately before applied to it. So the second and third lines come as a chunk, which reads “If the path is empty (i.e. root path), and the HTTP_REFERER[sic] variable does not (!) begin (^) with http://www.philihp.com/, send the request to /blog/. But wait, I have 2 flags, R to Redirect instead of Forward, and L because this is the Last rule we need to process for this request.
The bad thing about this practice is similar to the problem we used to have where HTML frames would break bookmarks. A user might go to the directory listing and bookmark it, but if they return, their HTTP_REFERER is different, and the redirect would trigger. But in my case, that’s not a terribly terrible to the user.
It’s not too difficult for a malicious attacker to craft their own HTTP_REFERER tag, so be careful depending on it for anything where security is a priority.
Comments (7)
Your web page doesn’t correctly work in safari browser
Yes it does. It works on my iPhone, and on Google Chrome; both of which use WebKit, the same rendering engine as Safari.
Also, I removed the URL from your post, since it was just a page containing advertisements.
Your are Great. And so is your site! Awesome content. Good job guys! Interesting article, adding it to my favourites!
The [L] flag is not needed, and will force a reparse of the .htaccess file
.
Wes, I think you mean [N], not [L].
very nice
thank youuuuuu
not redirecting in IE8
Project Listing
Name Last modified Size Description——————————————————————————– 25things/ 02-Feb-2009 02:53 –
42/ 04-Feb-2009 12:56 –
asset/ 06-Jan-2009 22:30 –
babbygainer/ 31-Oct-2009 08:08 –
blog/ 17-Jul-2009 10:24 – <—— Go Here
fbgrab/ 26-Jun-2009 23:43 –
images/ 14-Feb-2010 17:13 –
openid/ 26-Feb-2009 10:14 –
star_wars_risk/ 09-Dec-2009 12:40 –
transient/ 09-Nov-2009 20:25 –
favicon.gif 09-Jun-2009 08:57 0
favicon.ico 09-Jun-2009 08:57 0
girlskissing.php 04-Jan-2009 21:53 494
robots.txt 09-Jun-2009 08:57 0
xd_receiver.htm 31-Oct-2009 07:34 312
——————————————————————————–
Because of this, you should be redirected to blog/, unless you just came from there. This could make bookmarking this page a little weird. I know it really messes up OpenID.
I also run some other domains, at which there may or may not be fun stuff to play with.
java.philihp.com
shatner.philihp.com
phora.net