httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ian <...@monster.simplecom.net>
Subject documentation problem
Date Tue, 06 Nov 2001 20:18:57 GMT

A problem was recently brought to my attention regarding the "Blocking
Inline Images" section of the "URL Rewriting Guide" section. The problem
is that a customer of mine wanted to block all non-local referrers from
accessing files, and also to block blank referrers (preventing access from
directly entering the URL to the file). The documentation gives the
following example:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$        -                                    [F]

which says, if it's not blank, and doesn't come from ...quux-corp..., then
forbid access. However, one could have a blank referrer and gain access to
*.gif. It makes no mention of what to do if the referrer _is_ blank. TO
correct this problem, I made the following modification to line 2:

before: RewriteCond %{HTTP_REFERER} !^$

after: RewriteCond %{HTTP_REFERER} ^$ [OR]

As the first line in the documentation version seems to serve no purpose,
and the intent appeared to be to block blank referrers, I assumed the
example was incorrect and decided to submit this. Please let me know if my
logic is flawed. The rule change works, however, so please update the docs
to help people out.

Thank you,

Ian Kinner
Simple Communications


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message