Enhanced Referrer Checking

Situation

You wish to implement additional control of referrer checking, over and above that provided by the Referer Checking module (which allows specific MIME types to be protected).

Solution

match URL into $ with ^/dir/to/be/protected/.*
if matched
   match IN:REFERER into $ with members\.example\.com
   if not matched
      set URL = /errorPageForBadReferer.html
   endif
endif

match IN:REFERER into $ with ^(www\.)?.+\.example\.com$
if not matched
   set URL = /errorPageForBadReferer.html
endif

Decription

Redirect requests for pages that haven't originated from a specified site to an error page, which can be achieved for a specific directory (as in the first example) or for an entire site (second example).

Technical

Note that all "."s in the referrer header must be escaped to prevent them being interpreted as "any character". As above, match blocks (between "if" and "endif") can be nested.

"referer" is a mis-spelling of "referrer" which somehow made it into the HTTP standard without being spotted...

Content Manager [Administrator] 07 March 2006  Permalink 2 comments  

Comments:

This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.

Comment from: Rob McGregor [Visitor] · http://www.computerberks.co.uk
Hi i'm trying to switch over from using apache form .htaccess for referer management and have run into some problems. My hosting co. don't want to help much and direct me here but i can't find the answer i am looking for. Quite simply, I want to stop hotlinking to images that reside in my website. I have tried the following rewrite.script and saved it at the folder that has the images i want to protect: 
match URL into $ with \.(gif|jpg|jpeg)$
if matched
    match IN:REFERER into $ with ^(www\.)?.+\.bryan-talbot\.com$
    if not matched
        set URL = http://www.test.com/donotsteal.jpg
    endif
endif
As you can see - what i want to acheive is that when a visitor comes and hotlinks an image the is on my site, i want to present my do not steal image instead. It does not seem to work. I have searched high and low on the net and found very little on how to do this. Any good ideas? Many thanks.
Permalink 28 March 2006 @ 10:25
Comment from: Stuart Shelton [Zeus Support] · http://blog.srcshelton.dyndns.info/
Hi Rob,

Rewrite scripts must be installed into the Web Server, rather than residing in directories as Apache .htaccess files do - so unfortunately you are going to require the assistance of your hosting company to get this to work.

The two best options that you have are either to continue using .htaccess files to perform your filtering (since ZWS does support Apache-style .htaccess files - but your host will need to have enabled this) or you could ask your host to implement a rewrite rule which "execute"s an arbitrary file inside your document root which contains further rules written by you.

Hope this helps!
Permalink 28 March 2006 @ 11:34
Leave a comment ...
Your email address will not be displayed.
Your URL will be displayed.
This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.
Options:
 
(Line breaks become <br />)
(Set cookies for name, email & url)
Download Free Trial

Recent Articles

Other Resources



www.zeus.com

powered by
b2evolution
The ZWS Online Support service is provided as is, without warranty or specific endorsement by Zeus Technology. For technical support queries, please contact Zeus Technical Support. Articles and comments may not reflect the views of Zeus Technology.  •  Disclaimer and Privacy statement.