Alright, after much annoying endless loops
I think I've got it figured out using 2 .htaccess files (one to process referer and one for password). The directory structure would look like so on the site:
CODE
.htpass <--- contains the passwords for the site (put this OUSIDE the webspace)
/.htaccess <--- contains the referer mod_rewrite
/index.html <--- asks people to Login - links to /pass
/pass/ <--- contains .htpassword that has login params
/pass/.htaccess <--- <limit> tags for the passwords
/pass/index.html <--- contains Thank you for logging in and Link to /content
/content/ <--- Houses all the "content" of the site
Thats about it...
In the .htpass file, you need to setup a user/pass with htpasswd... (read more on this later) Put this file outside of the web readable space.
In the .htaccess file you need the following:
CODE
Rewriteengine on
RewriteCond %{HTTP_REFERER} !^http://yoursite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.theothersite.com/.*$ [NC]
RewriteRule .*$ http://yoursite.com/pass [R,NC]
In the /pass/.htaccess file you need the following:
CODE
AuthUserFile /full/path/to/.htpass
AuthName "You need to Login First ######a!"
AuthType Basic
Satisfy Any
<Limit GET POST>
order deny,allow
deny from all
require valid-user
</Limit>
The other files are just html that use common <a href> tags to link to the other pages. To setup .htpass you need access to htpasswd on the server. So if you have SSH good, just hit the shell and type:
htpasswd -c .htpass USERNAMEchange
USERNAME with whatever username you wish. You can setup multiple users to track access to it as well. Just drop the -c when adding users.
And to see it in action, check out the following ( I added referer info for each page so you can kind of see what the server see's as the referer):
This link should work for everyone, no pass:
http://pr0ntab.com/blackburnrovers/content/This link should take you to main page, of the site, no pass unless you click the link(Copy/Paste link into browser):
CODE
http://pr0ntab.com/blackburnrovers/
This link should take you to a password. Once logged in (demo/test) it will link to the content and no further password should be needed (you have to cut and paste this into a browser window to null the referer)
CODE
http://pr0ntab.com/blackburnrovers/content/