Allowing traffic from PayPal only

Asked Feb 28 '17 at 15:24

Active Feb 28 '17 at 15:24

Viewed 88 times

I've seen this page htaccess only accept traffic from specific http_referer and I think this is the code I need to replicate what I am looking to do ... can anyone please confirm or advise if I'm barking up the right tree ....

RewriteEngine On
RewriteBase /

# allow these referers to passthrough
RewriteCond %{HTTP_REFERER} ^https://*.*paypal*\.com
RewriteRule ^ - [L]

# redirect everything else
RewriteRule ^ http://www.clientsite.com/ [R,L]

Basically I only want users who have successfully completed a PayPal checkout to be able to access the PDF files in the folder.

edited May 23 '17 at 11:46

Community

asked Feb 28 '17 at 15:24

Rich Starkie

I feel like this isn't a great solution to your original problem. The HTTP referrer can be faked, so anyone can access the page, and it seems like a usability problem if people who purchased these PDFs cannot come back later to download them, since they will no longer be referred from PayPal. – Steve Feb 28 '17 at 15:27
1

Hi Steve, Personally I agree, however the client feels differently. Whilst I appreciate that the HTTP Referrer can be faked, its not a very simple thing to do so shouldn't be a big issue for the client. – Rich Starkie Mar 01 '17 at 16:16

Allowing traffic from PayPal only

0 Answers0