Stopping referer abuse

Fix it!!

Stopping referer abuse

Postby greut » Thu Nov 27, 2003 6:12 am

I've try to kill my first referer abuse with mod_rewrite

.htaccess

Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://www.domainThatAbuse.me/.*$ [NC]
RewriteRule ^(.*)$ forward.php?url=$1 [L]


forward.php

Code: Select all
<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: ".$_GET["url"]);
header("Connection: close");
?>


Et I've got this message : Image

Does that seem it's working ??

in french : http://www.switchback.ch/webgreut/2003/11/27/
greut
 

corrected

Postby greut » Fri Nov 28, 2003 12:24 am

.htaccess

Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://www.freenude.*$ [NC]
RewriteRule ^(.*)$ forward.php [L]
forward.php


Code: Select all
<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: ".$_SERVER["HTTP_REFERER"];);
header("Connection: close");
?>


example : http://www.chez.com/greut/modrewrite/

Watch that : http://httpd.apache.org/docs/misc/rewriteguide.html
Referer-based Deflector

Description:
How can we program a flexible URL Deflector which acts on the "Referer" HTTP header and can be configured with as many referring pages as we like?

Solution:
Use the following really tricky ruleset...

Code: Select all
RewriteMap  deflector txt:/path/to/deflector.map

RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${deflector:%{HTTP_REFERER}} ^-$
RewriteRule ^.* %{HTTP_REFERER} [R,L]

RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${deflector:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]


... in conjunction with a corresponding rewrite map:

Code: Select all
##
##  deflector.map
##

http://www.badguys.com/bad/index.html    -
http://www.badguys.com/bad/index2.html   -
http://www.badguys.com/bad/index3.html   http://somewhere.com/


This automatically redirects the request back to the referring page (when "-" is used as the value in the map) or to a specific URL (when an URL is specified in the map as the second argument).
greut
 


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 19 guests

cron