I am trying to implement a login restricted area using basic authentication and ModRewrite. The logic I am trying is that unless the referer page is within the extranet or the login page, the request will probably require authentication, so I forward the request to the login page. Then, if the user was already authenticated, the request will be automatically forwarded back to the requested URL.
I am trying to achieve the above with the following rewrite rules, but after the user is authenticated and the request happens to come without a referer, the request ends up in a loop between the rewrite rule and the redirect from the login page.
Anyone have any ideas what I am doing wrong here?
Regards,
Olli
RewriteCond %{HTTP_REFERER} !^/extranet/(.*)$ [NC]
RewriteCond %{HTTP_REFERER} !^/extranet_login.html [NC]
RewriteRule ^/extranet/(.*)$ /extranet_login.html?url=%{REQUEST_URI} [L,R,NC]
Figured it out in the end.
The problem was that I was doing response.sendDirect in my login page for already authenticated users. This meant that there was no referer. Doing the redirect in JavaScript after the page is fully loaded fixes this and gives me the referer.
Olli
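The client-side redirect described in the follow-up, as an added example that is not part of the original posts. It assumes the login page receives the requested path in the `url` query parameter set by the RewriteRule and that the server emits this script only for already authenticated users; the function and constant names are hypothetical. The target is accepted only if it is a same-origin path under /extranet/, so the login page never forwards to an arbitrary address.

```javascript
// Added example: assumes ?url=<path> as set by the RewriteRule above and a
// protected area under /extranet/. Names are hypothetical.
const PROTECTED_PREFIX = '/extranet/';
const FALLBACK = '/extranet/';

// Return a same-origin path under /extranet/, or the fallback.
function redirectTarget(search, origin) {
  const raw = new URLSearchParams(search).get('url');
  if (!raw) return FALLBACK;
  // Only plain absolute paths: no scheme, no "//host", no backslashes
  // or control characters that browsers may normalise into a host.
  if (!raw.startsWith('/') || raw.startsWith('//') ||
      /[\\\u0000-\u001f]/.test(raw)) {
    return FALLBACK;
  }
  let resolved;
  try {
    resolved = new URL(raw, origin); // also collapses "../" segments
  } catch (e) {
    return FALLBACK;
  }
  if (resolved.origin !== origin) return FALLBACK;
  // Case-insensitive, matching the [NC] flag on the rewrite rule.
  if (!resolved.pathname.toLowerCase().startsWith(PROTECTED_PREFIX)) {
    return FALLBACK;
  }
  return resolved.pathname + resolved.search;
}

// Browser only: navigate after the page has fully loaded. A script-initiated
// navigation sends this login page as the Referer (subject to the site's
// Referrer-Policy), which is what the RewriteCond lines test for.
if (typeof window !== 'undefined') {
  window.addEventListener('load', () => {
    window.location.assign(
      redirectTarget(window.location.search, window.location.origin));
  });
}
```

The Referer header is supplied by the client, so the rewrite conditions only steer navigation; the basic authentication on /extranet/ remains the actual access control.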