What I want is rather simple but I cannot figure it out. I want that if someone tries to access any of the webpages directly on my website then he/she must be redirected to the home page of the website.
For Example : Someone tries to access www.domain-name.com/aboutus he gets re directed to www.domain-name.com/
you can check referrer to block any direct access to your website.
include this code in every page of your website.
<?php
$ref = $_SERVER['HTTP_REFERER'];
$url = "http://www.domain-name.com";
// $url is the main url of your website
if($ref==$url){}else{
header("location:$url");
}
?>
But it is completely deepened on browser to send the referrer header,
so it may not work sometimes.
You can use 2 way do it:
In your code, directed www.domain-name.com/aboutus to www.domain-name.com
Config webserver (apache, nginx)
Related
I am trying to route an external webpage to a local file on my machine.
For example:
https://example.org/something/page.php
should redirect to:
c:\local.html
I don't want to redirect all traffic from that domain, only this particular page.
I do not have access to the website so I can't change it.
It's a PHP script. This means you can use PHP's header() function to do what you need.
You'd use it like this:
<?php
header('Location: file://path/to/file.html');
?>
If you want to redirect to a different page on the same server simply use
<?php
header('Location: /path/to/file.php');
?>
This would cause all traffic that lands on that page to be redirected to that local path.
For the best performance you'd want to put this at the top of your script so that the page does not execute more PHP code than needed.
Also do note that any local files will not be visible for other users visiting your page on the interweb.
This means that whenever someone lands on page.php he or she will be redirected to the same path on their local PC so if that is not there they will get a 404 of some kind.
If you want it to happen immediately as you visit the page, add this inside your <head>-tag.
<meta http-equiv="refresh" content="0; url=file:///c:/local.html" />
Same can be achieved with Javascript, if you add this to your <script>-tag inside your <head>-tag.
window.location = "file:///c:/local.html"
And since I see you're using PHP, this might be ideal to you as well:
header('Location: file:///c:/local.html');
Using either one works, but I would prefer the PHP option. Simply add it inside your <php>-tag (at the top would be prefered).
Can I prevent direct access to a file, but allow that page to be embedded in an other page as an iframe?
I am using Apache and php on the serverside, and the file to be included is on the same domain.
Perhaps not the best solution (as some browsers or routers remove it) but you could use the HTTP_REFERER server value?
Something like:
<?php
if($_SERVER['HTTP_REFERER'] !== 'http://my-domain.com/page-x') {
header('HTTP/1.1 403 Forbidden');
exit;
}
//rest of code here
Nope, you cannot. Either you make your page available to everyone, or to no-one.
You can protect the page via basic authentication in order to restrict he users who can access it, however who accesses it will need to know the credentials for the page. There is a SO question on a topic like this: Basic authentication for a url in an iframe.
How can I check if I was redirected from another domain to page or opened directly in right domain?
Thanks for answer!
I assume from the tags, which you assigned that you own an server, running PHP and want to know whether the users, visiting your page are comming from a page belonging to your domain or from somewhere else.
This is normally stored in the referer header of an HTTP request.
Try accessing it in PHP with $_SERVER['HTTP_REFERER']
The variable should contain the whole path of the source page and you can extract the domain/hostname using parse_url()
Complete example:
<?php
$sourcehost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
?>
I tested it but ufortunately, after redirect 301 there is no data stored in the $_SERVER['HTTP_REFERER'] variable.
I have a php file on external-site.com like this:
<?php
session_start();
if($_SESSION['something'] == true) {
//do something
}
?>
This PHP file I include on a different website example.com like this:
<script src="http://external-site.com/session.js.php"></script>
When the visitor visits example.com he is redirected to external-site.com. Here I have this code:
<?php
session_start();
$_SESSION['something'] = true;
?>
And then the visitor is immediately redirected back to example.com.
Does this work? Because I am not violating the Same Origin Policy, right? I do not want to use the session on example.com itself. I only need it for external-site.com. So I do not want to transfer the session to another domain or anything like that.
If so, in which browser does it work and in which browser it does not?
Session are only available on the site which host the session calls.if you have two sites, they can't share natively session.
Edit : so if your session is opened on external -ite.com, you can't use it on example.com. in your case you need to use a SSO service.
I have this code for my wordpress site
<?php
if(!isset($_COOKIE['iwashere']) || ($_COOKIE['iwashere'] != "yes")){
setcookie("iwashere", "yes", time()+20000,'howtobuygoldoffshore.com');
header("Location: http://www.howtobuygoldoffshore.com/sitemap");
exit;
}
it works perfectly well and redirects new users based on cookies .
Now if someone wants to visit a link directly ie:http://howtobuygoldoffshore.com/process-payment they cant open it since it redirects them to a landing page due to to the cookie redirection
I wish to use it both the ways. A new user should also be able to visit direct links properly without seeing the landing page if he is going directly to the links such as http://howtobuygoldoffshore.com/process-payment
Can this be possible?
Have a look at $_SERVER['REQUEST_URI'].
You could check if index.php (or any other landings page) is given or something similar, and do or don't redirect.