Restrict default anonymous login to authentication(very challenging to me! )

kaka228 · July 29, 2013, 2:11am

hey guys,
i need your helps!!!

There are some applications in my homepage such as bookmarks, Files, Activities… can be accessed by anonymous.

For example,
I log on to my page and open the bookmark page. then, copy the link and log out.
i go to that bookmark page but i can still access it.

Some paths of my web site are default as public link too. Therefore, non-login(do not authenicated) users can access the link even though i log on to the page.
how can i configure the server to prohibit anonymous access of those applications.(IBM Websphere Application Server 8)
should i firstly consider .htaccess file ???

PLS help, i have no idea on it

–>(restrict default anonymous login to authentication)!

dklynn · July 30, 2013, 11:45am

kaka,

While notoriously insecure, you can use .htaccess to check the {HTTP_REFERER} to be the specific linking page before allowing access to the page you want to protect.

Betters ways may be to either put the protected page in a password protected directory (a major PITA for visitors) or fetch the page (from outside your webspace) via PHP or AJAX and present it IN the linking page.

Regards,

DK

kaka228 · July 31, 2013, 3:21am

DK,
thanks for answering me! NICE!
best regards,
KAKA