Restricting access to page unless coming from a specific page

Question

I\'m trying to figure out how to restrict access to a page unless the page is navigated to from a specific \"gate\" page. Essentially I want the page to be unaccessible unless y

Answer 1

If possible, can you limit your suggestions to using either html or javascript?

No. Because there is no secure way using only these two techniques. Everything that goes on on the client side may be manipulated (trivially easy). If you want to be sure, you have to enforce this on the server side by checking for the REFERER (sic!) header.

Mind, even this can be manipulated.

If you're using Apache with mod_rewrite enabled, the following code will restrict access according to the referring page:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/.*
RewriteRule /* http://www.example.com/access-denied.html [R,L]

EDIT: I just checked the manual … unfortunately, giving a 401 status code isn't possible here. So the above solution isn't perfect because although it blocks access, it doesn't set the HTTP status accordingly. :-/ Leaves a bad taste in my mouth.