Validate Referral

Fix it!!

Postby Zareh » Mon May 06, 2002 2:43 pm


I protect my sites based on referrer, recently there have been many tools which have come out which spoof the referrer URL, I used to rely on mod_rewrite to allow/deny access, but since these tools can fake a referrer, I cannot rely on referrer alone, any ideas?

Posts: 2
Joined: Sun May 05, 2002 4:00 pm

Postby Guest » Thu May 23, 2002 3:46 am

Code: Select all
RewriteEngine on
RewriteConde %{HTTP_REFERER} !^http://(www)?*$ [NC]
RewriteRule .(gif|jpg|php)$

maby this can help u


Postby Brett » Fri May 24, 2002 7:06 am

If you want to avoid depending on the referer, maybe you can write some PHP code involving cookies or sessions, or use some kind of system that requires the URL to include a specific query string. If you change the required query string regularly, no one will get into the site without first going to the page that supplies the query string.

Of course, these suggestions don't necessarily have anything to do with mod_rewrite!
Posts: 82
Joined: Tue Jul 10, 2001 4:00 pm

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 1 guest