How can I authenticate clients using referrer information?

It is often useful to authenticate clients based on the page that theywere referred from. This information is contained in the'Referer'(sic) HTTP request header. Zeus Web Server version 3.3.7and greater support the referrermodule, which can be used to deny requests to certainMIME types depending on referrer information.

Prior to v3.3.7, referrer-based authentication is best achieved usingan ISAPI filter. A good template filter, which prevents thelinking of images from external web sites, is printed below. This codeis easily modified to provide many similar authentication solutions.

By default, the filter will prevent linking to .jpg,.jpeg and .gif files. Alternatively, a list ofextensions can be included in a file called:

  /etc/referer.extensions

The filter will log to a file called:

  /tmp/bad.referers

You need to save the source code below to a file, and compile this into a sharedlibrary. For example:

  $ gcc -o referer.dll -shared -fPIC referer.c

Finally, you need to enable Zeus' ISAPImodule, and add the compiled filter library(e.g. refrrer.dll) to the list of ISAPI filters.

You can download the source.

Content Manager [Administrator] 19 September 2005

Recently...

Other Resources

The ZWS Online Support service is provided as is, without warranty or specific endorsement by Zeus Technology. For technical support queries, please contact Zeus Technical Support. Articles and comments may not reflect the views of Zeus Technology. • Disclaimer and Privacy statement.