#!/usr/bin/perl
print "Content-type: text/html\n\n";
# LIST THE IPs/DOMAINS YOU WISH TO
# GRANT USAGE OF YOUR SCRIPT:
@valid_referers=("mywebsite.com", "111.22.33.444") ;
# SPECIFY AN ERROR MESSAGE:
$error_message = "You have no permission to use this script." ;
# CHECK FOR VALID IPs/DOMAINS
&check_valid;
# THE CHECK_VALID FOLLOWS
sub check_valid {
if (@valid_referers && $ENV{'HTTP_REFERER'}) {
foreach $referer (@valid_referers) {
if ($ENV{'HTTP_REFERER'} =~ /$referer/) {
$ref = 1;
last;
}
}
}
else {
$ref = 1;
}
if ($ref!= 1) {
print "$error_message";
exit;
}
}
#################################
### THE REST OF YOUR PROGRAM
### MAY BE PLACED BELOW HERE
#################################
[edited by: jatar_k at 12:20 am (utc) on Mar. 15, 2003]
[edited by: StopSpam at 12:22 am (utc) on Mar. 15, 2003]
[edited by: jatar_k at 12:21 am (utc) on Mar. 15, 2003]
to: if ($ENV{'HTTP_REFERER'}) {
What's is last; for?
last for? I have no idea i found this code so i try to put it in top of my script so only my site can use the script. but it aint working ...
i swapped the code for the line you wrote :
but also with : if ($ENV{'HTTP_REFERER'}) {
it is still not working other sites can still use script
i love it!
#!/usr/bin/perl
print "Content-type: text/html\n\n";unless ($ENV{'HTTP_REFERER'} =~ /^(http:\/\/¦http:\/\/www\.)(example.com¦111.222.333.444)/) {
print "You have no permission to use this script." ;
exit;
}#################################
### THE REST OF YOUR PROGRAM
### MAY BE PLACED BELOW HERE
#################################
Your working with frames, so the script must be called from the first frame the browser loads. Javascript might be a better solution.
i used your very thight code, it short code and easy to understand what it do... but it limmits to give access only to: [example.com...] anyone that type in url to script directly gets error message ..
i want the script to work when url is typed in corectly or called form my own domain name. but when called from diff domain then error .. but when some one types in the url of script or viisit the script from typing in theurl then it should work...
your code blocks to many options out ;-)
all htmls and scripts on my domain may use and call it.
anyone who type in the url to script may use it ..
but script may not be called with in a different domain name
its more complex to explain then it really is ;-)
wehat i am trying t say is: with your code script only works when coming from [example.com...] if coming from [example.com...] or anything els it gives error not allowed
Well that's the whole point of using a script of this sort. :)
Use this to allow empty referrers:
unless ($ENV{'HTTP_REFERER'} =~ /^(http:\/\/¦http:\/\/www\.)(example.com¦111.222.333.444)¦^$/) {
@fruit=("apples","bananas","oranges","kiwi","papaya","mango","[...]");
$desiredfruit = "kiwi";
foreach ($possible) @fruit {
if($possible==$desiredfruit) {
print "Woohoo! We found it!";
last;
}
}
So, it won't waste any time parsing through all the other fruits since it found what we wanted!
I could easily create a "browser" using LWP, which lets me specify any referer I want, and thereby get access anyway ;)
i hope that one day i will understand and write perl just as good as you guys
i got it working now
DrDoc
i have heart oif it but dont know how?
Never rely 100% on what HTTP_REFERER tells you. It may not be accurate...
its named spoofing or something so you can send any referer or ip you want to a script....
if treu this will make 90% of all scripts on www un secure ;-(
is this posible and goes same way as in perl scripts?
is this good? can i place it on any line i want or?
# allow and deny access <<------
<Files ~ "^.*$">
order allow,deny
allow from all
deny from env=ban
</Files>
# anti hotlink code <<------
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://YourDomainName.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.YourDomainName.com/.*$ [NC]
RewriteRule .*\.(gif¦GIF¦jpg¦JPG)$ [YourDomainName.com...] [R]
thx
Lines which begin with the hash character "#" are considered comments, and are ignored. Comments may not be included on a line after a configuration directive.Syntax of the Configuration Files [httpd.apache.org]
