Allow Directory Listing only from specific URL

Question

Setup Server: Apache 2.2. I do have access to httpd.conf, but in case necessary the solution can be using .htaccess

The goal: To permit directory listing only in case the request comes from a specific URL. So only if user abled to access a specific URL in my site he/she will be able to access this directory.

Currently I only have this configuration that allows all to access this directory:

<Directory "/home/myaccount/app/Ui/policies/gray_list">
Options Indexes FollowSymLinks
</Directory>

Answer 1

It is possible to evaluate the ReferrerURI for this (you said requests coming from a specific url, so a page offering a link), however note that this is not reliable. The ReferrerURI is a simple http header, thus it is very easy to manipulate / spoof that.

The only reliable approach to this is using session handling. So enforcing some kind of authentication to the referring page and only grant a directory listing if the authentication process protecting the referring page has led to a valid session. This has to be done on scripting level though, I am not aware of a straight forward approach using apache features only.