Redirect strategies for coping with IE7

[Brian Yennie]

Richard,

This page might help give some inspiration.
http://www.askapache.com/htaccess/htaccess-fresh.html

It wouldn't be strong protection (but since you don't mind putting the  
username / password in the URL I assume you just want basic  
protection), but you can use mod_rewrite in some pretty creative ways  
to redirect people away based on the URL, query string, cookies,  
headers, etc.

For example, a silly example would be the following, which just  
rewrites any URL without password=[password1|password2|password3]  
(read that as a regular expression "OR").

RewriteEngine On
RewriteBase /my-secret-area/
RewriteCond %{QUERY_STRING} !^.*password=[password1|password2| 
password3].*$
RewriteRule .* /my-secret-area/unauthorized.html

Obviously the above isn't scalable (and everyone would share  
passwords), but the idea is that anything you can dream up to cram  
into the request or query string, you can test for it using a regular  
expression in your htaccess file and redirect users away if they fail  
the test.


> Bob Sneidar wrote:
>> Just an FYI there are content filters that react to redirects as  
>> well.  In this often cruel and unforgiving world it seems the use  
>> of  redirects and proxies can wreak havoc with the things we use  
>> to  protect ourselves. I am not sure what the solution is, but I  
>> can think  of who to blame. ;-)
>
> Good reminder, Bob.  Thanks.
>
> I'm not necessarily set on using redirects. Really, any method by  
> which I can protect a directory from most users while granting  
> access to some would work for me, provided that whatever means I use  
> can pass the login into in the URL.  I'm even good with doing this  
> in a CGI if only I could figure out the trick to protecting the  
> directory....