HTTP_REFERER

Fix it!!

HTTP_REFERER

Postby Will » Tue Mar 07, 2006 7:30 am

on my site, users can download files with the following link:
http://domain.co.uk/files/<type>/<id>/download/

this page then redirects them to the file.
taking this into account, the HTTP_REFERER for the file would be the link above.
so people cant use up my bandwidth without me knowing, i want to stop people from downloading anything if the referer isnt this link.
i have tried:
Code: Select all
RewriteCond %{HTTP_REFERER} files/[a-z]+/[0-9]+/download/$
RewriteRule uploads/.{1,}\..{3,4} - [L]
this lets everything through

Code: Select all
RewriteCond %{HTTP_REFERER} ^.*/[a-z]+/[0-9]+/download/$
RewriteRule uploads/.{1,}\..{3,4} - [L]
this lets nothing through

Code: Select all
RewriteCond %{HTTP_REFERER} ^http://%{HTTP_HOST}/[a-z]+/[0-9]+/download/$
RewriteRule uploads/.{1,}\..{3,4} - [L]
this also lets nothing through

does anyone know what im doing wrong?
thanks for any help in advance

Will
Will
 
Posts: 1
Joined: Tue Mar 07, 2006 7:17 am

php

Postby softtoy » Thu Jul 06, 2006 2:10 am

I think you should use eg. php to do that. And second it's extremely stupid to restrict access based on referer or user agent etc. They can be changed to anything by user. Well it might block most of the noobs.

Mostly my referer is "." and user agent "crawler".
softtoy
 
Posts: 26
Joined: Mon Jun 12, 2006 9:45 pm


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 11 guests

cron