Hello! I'm going to implement interesting thing in my web server configuration. So, the main requirement is: 1) Allow access to some directory if user clicked on a link on the same site 2) Ask about login and password if request was direct, like written directly in web browser's URL window. Something like: <Directory /var/www/html/restricted> <If "request was not direct"> AuthType Basic AuthName "Restricted Content" AuthUserFile /etc/apache2/.htpasswd Require valid-user </If> </Directory> Code (ApacheConf): Can someone help me with it?
This approach is not secure, the HTTP_REFERER value cannot be trusted. There is always some way to modify the value.