I have a problem on a protected picture area.
I am using mod_rewrite and apache 1.3.9
I protect the directories from in-line linking by using these lines in my http.conf file.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://pictures.domian.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://domain2.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://domain3.com/.*$ [NC]
RewriteRule .*.*$ http://www.domain4.com [L,R]
While this works fine for any linking from other pages, it doesn't stop anyone from just "typing in" the URL of the picture in the browser and linking that way.
I can disable the "type in" by commenting out the line:
RewriteCond %{HTTP_REFERER} !^$
Now here is the problem,
I use a .cgi program to call the pictures for a gallery and the .cgi program doesn't send a HTTP_REFERER header so mod_rewrite thinks that it is a "type in", thus if I comment out the first line then my gallery program doesn't work.
Is there some other veriable or rule that I can use to protect the pictures subdomain? Maybe SERVER_NAME or DOCUMENT_ROOT or something like that.
I was thinking of adding a rule before this one to pre-qualify referers comming from this server.
I tried this but couldn't make it work.
RewriteCond %{SCRIPT_URL} !^/.*/imageFolio.cgi/$ [NC]
RewriteRule .*/.*$ http://www.domain.com [L,R]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://pictures.domian.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://domain2.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://domain3.com/.*$ [NC]
RewriteRule .*.*$ http://www.domain4.com [L,R]
Help,
Thanks in advance,
Carroll Guthrie
President
Net Media Internet Services
http://www.nminc.net/
Dedicated servers as low as $149/mo
Bandwidth as low as $300/meg
<font size=-1>[ This Message was edited by: netmedia on 2001-10-07 15:54 ]</font>