I am looking for help to block people being able to browse dynamicdns.com - This website is for sale! - dynamicdns Resources and Information. unless they have got to that site by my admin portal admin.my-site.com which has a login.
I know this can be done on NGINX passing cookies into the config
Thanks in advance.
Super quick way would be a conditional rewrite based on the
referer header. You could rewrite to a
/forbidden dir and
status 403 /forbidden, or something along those lines. A determined party could easily bypass this, though.
If you strictly require the user have authorised themselves, you could take a look at JSON Web Tokens, available as a Caddy plugin jwt. You could have your admin portal hand off the JWT as a cookie, or include the token as a query parameter in the link from the admin portal to the protected app.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.