Block access unless from previous page


I am looking for help to block people being able to browse - This website is for sale! - dynamicdns Resources and Information. unless they have got to that site by my admin portal which has a login.

I know this can be done on NGINX passing cookies into the config

Thanks in advance.

Super quick way would be a conditional rewrite based on the referer header. You could rewrite to a /forbidden dir and status 403 /forbidden, or something along those lines. A determined party could easily bypass this, though.

If you strictly require the user have authorised themselves, you could take a look at JSON Web Tokens, available as a Caddy plugin jwt. You could have your admin portal hand off the JWT as a cookie, or include the token as a query parameter in the link from the admin portal to the protected app.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.