httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] Rewriting a URL - kind of complicated
Date Thu, 02 Sep 2004 11:37:42 GMT
Bruno Marcondes wrote:
> RewriteCond  %{HTTP_REFERER}   ! unexdlc.ucdavis.edu
> RewriteRule    /DLC/                          /cfmx/DLC   [L]
>
> RewriteCond  %{HTTP_REFERER}   ! unexdlc.ucdavis.edu
> RewriteRule    /DLC/(.+)/(.+)                    /cfmx/DLC   [L]

You must also decide whether or not the rules should be applied when there
is no Referer header; the above rules will rewrite the URL in those cases.

If there is no Referer header, it can be because of:
1) The client is configured to not send it, so the user might have
    clicked a link on your site.
2) The client is configured to not send it, so the user might have
    clicked a link on an external site.
3) The user typed in the URI directly.

There is no way of telling the above scenarios apart by looking at the
request. You can identify the first one by looking back in the logs, to see
if there has been a request from that IP.

Nitpicking, but the regex in those conditions should be escaped, eg.
"!unexdlc\.ucdavis\.edu".

Of course, there is no security in this either, since the Referer header is
easily spoofed.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message