homepage Welcome to WebmasterWorld Guest from 50.17.162.174
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe and Support WebmasterWorld
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Blocking requests for certain files with no referer
Attempting to block requests w/empty referer
aslowrx




msg:1513925
 4:24 pm on Jan 11, 2005 (gmt 0)

Good Morning,

Currently I host quite a few car racing videos that I have limited the ability to be linked to a select few sites with:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://site1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://site2.com.*$ [NC]
RewriteCond %{HTTP_REFERER} ^http://site1.net/.*$ [NC]
ReWriteRule *\.(wmv¦WMV¦MOV¦mov¦avi¦AVI¦mpg¦MPG¦MPEG¦mpeg)$ [invalidsite.com...] [R,L]

then when they link to a video from someplace that can't it redirects them to another video. What I'm trying to accomplish now is to incorporate blocking of requests with NO referer into the above. Reason being is people are just RCSA'ng or cutting and pasting links to get past blocking the referer.

Thanks
_B

 

jdMorgan




msg:1513926
 12:45 am on Jan 12, 2005 (gmt 0)

aslowrx,

Welcome to WebmasterWorld!

  • Most media players provide no referrer.
  • Many AOL user accesses will provide no referrer.
  • Many other users' referrers will be blocked by their ISP's caching proxy was well.
  • The same applies to workers who access through their corporations' caching proxies.
  • A recent version of Norton Internet Security blocks referrers by default, though it can be re-configured if the user knows how (again, not likely).

    If none of those facts bother you, then remove the first RewriteCond from your code to block blank referrers.

    Blocking by referrer and user-agent are unreliable at best. You can use them to cut down on some abuse, but the only way to stop abuse without hurting your legitimate users is to implement a proper access-control scheme, usually with passwords and cookies.

    Jim

  • aslowrx




    msg:1513927
     2:24 am on Jan 13, 2005 (gmt 0)

    JdM,

    Thanks for your response, I did try it without the referer and found the results that you told me I would get.

    OH well I guess I'll just password protect the forum.
    Thanks a lot for your replies and in case anyone stumbles on this searching I used this to block those with no referer:
    RewriteCond %{HTTP_referer} ^$
    #RewriteRule .*\.(wmv¦avi¦mpg¦mpeg)$ www.site.com/index.html [R,L]

    Global Options:
     top home search open messages active posts  
     

    Home / Forums Index / Code, Content, and Presentation / Apache Web Server
    rss feed

    All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
    Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
    © Webmaster World 1996-2014 all rights reserved