homepage Welcome to WebmasterWorld Guest from 54.198.139.141
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Detect blank referrer in RewriteCond
For image hot linking
milanmk




msg:3391262
 6:07 am on Jul 11, 2007 (gmt 0)

I have the following rule to redirect all the images to a PHP script if the referrer is blank (not set?) or its not coming from my domain.

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^$ [OR]
RewriteCond %{HTTP_REFERER}!domain\.com [NC]
RewriteRule (^blog/images/.*\.jpg$) /leech.php?src=$1 [L]

I tried and tested all the possible condition patterns but it's not allowing blank referrer to bypass the first rule. The second rule is working perfectly fine.

Examples:

RewriteCond %{HTTP_REFERER} !="" [OR]
RewriteCond %{HTTP_REFERER} !. [OR]
RewriteCond %{HTTP_REFERER} !"" [OR]

Any suggestions?

Milan

 

jdMorgan




msg:3391517
 2:06 pm on Jul 11, 2007 (gmt 0)

"!" means NOT, that is, "!^$" means "NOT blank"

You can express blank with any of:
^$
!.
""

Having finished with that, I must warn you that blocking blank referrers will result in all visitors to your site from ISPs such as AOL, Earthlink, and others seeing your site as badly-broken. They, like many corporate users, sit behind caching proxies at the borders of their networks. The effect of these caching proxies --in addition to saving you bandwidth-- is to suppress the HTTP referer. Therefore, if you block access by their caching proxies with blank referrer headers, they will all think your site is broken. Be prepared to lose their business and/or to handle their technical support requests.

Bottom line: It is not a good idea to block blank referrers, since it is not reliable as any kind of indicator of malicious intent. That is why most of the code you will see posted here Allows blank referers. Despite that, it works well enough to stop most casual hotlinking.

Jim

PCInk




msg:3391547
 2:26 pm on Jul 11, 2007 (gmt 0)

Also many standard firewalls block referers by default. I think Norton and MacAfee both block by default.

milanmk




msg:3392120
 5:25 am on Jul 12, 2007 (gmt 0)

Thanks Jim.

I am aware that blocking blank referrers is not a good idea and that is why my PHP hot linking script does not block the image request but creates watermark image on the fly mentioning my site address.

Milan

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved