Hi guyz

simplify my question

how can i change this mod_proxy rules in rewrite rules with P flag [P]

ProxyPass /media/videos/tmb http://0.0.0.0:81/media/videos/tmb
ProxyPassReverse /media/videos/tmb http://0.0.0.0:81/media/videos/tmb

mod_rewrite can do the referrer-based reverse-proxy function (ProxyPass), using a RewriteCond to check the referrer. You will need to keep your existing ProxyPass reverse directive.

But be aware that the HTTP Referer header is often missing, and that if it is present, it may be spoofed (faked).

Corporations and ISPs often use caching proxies to the reduce the amount of traffic in and out of their networks. Typical examples are AOL and Earthlink in the U.S.A. These caching proxies effectively suppress the HTTP Referer header, and can therefore defeat your attempt to base any server-side code on the referrer.

In addition, many "Internet Security" software programs will actually remove the Referer Header from client requests.

For these reasons, it is advisable to use a more-robust method (such as setting and testing an HTTP cookie).

Jim

hi jd morgan,

thanks for ur reply

actually my apache server using reverse proxy to lighttpd (localhost) for the the static files. But for the mod_proxy, i cannot not using the hotlinking protection because it is redirect my images folder to localhost without checking the referer

thats why i want to use the rewrite rules to detect the http-referer and then rewrite/redirect to the localhost

I hope u understand my idea

hi guyz,

just want to share my result.

#RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [NC]
RewriteCond %{HTTP_HOST} ^[a-zA-Z0-9.]*mywebiste.com$ [NC]
RewriteRule ^/media/videos/tmb/(.*)$ [0.0.0.0:81...] [P,L]

Your rule fails under many conditions. Improving only what I see above, I'd suggest:

# if the HTTP Referer header is blank
RewriteCond %{HTTP_REFERER} ^$
# and if request was sent to any variation of my domain
RewriteCond %{HTTP_HOST} ^([a-z0-9]+(-?[a-z0-9]+)+\.)?mywebiste\.com(\.|\.?:[0-9])?$ [NC]
# reverse-proxy the request to the lighttpd back-end
RewriteRule ^/media/videos/tmb(/.*)?$ http://0.0.0.0:81/media/videos/tmb/$1 [P]

Please re-read my warnings above about how corporate and ISP proxies can suppress or remove HTTP Referer headers. Even if the code (as commented) does exactly what you think you want it to do, it is not likely the "this will work" reliably. All requests from AOL and Earthlink users (for example) will be proxied to your back-end, whether they were referred from your own domain or not.

In fact, if these static files are multimedia files (such as videos), then you are unlikely to get a Referer header with *any* requests, because media players typically do not send HTTP Referer headers.

Referer-based server actions are inherently unreliable, because the HTTP Referer header is optional, and is easily spoofed.

Note that I removed the [L] flag. When used with {P] or [F], the [L] flag is redundant.

Jim