Rule help

Fix it!!

Rule help

Postby jayhawk785 » Sat Feb 19, 2005 11:06 am

I'm fairly new to this, here's my problem:

I have two vhosts, we'll call them: www.whatever.com and images.whatever.com.

I need to block EVERYHING from hitting images.whatever.com, unless it's referred by www.whatever.com.

All content in the images.whatever.com is .zip - there is not html, php, or other.

I wrote a rule that I thought would work, but seems to block any request :):
=== currently i put this in the vhost ===
Code: Select all
        SetEnvIfNoCase Referer "^http://www\.whatever\.com/" local_ref=1
        <FilesMatch "\.(zip|jpg)">
            Order Allow,Deny
           Allow from env=local_ref
       </FilesMatch>


or

Code: Select all
        SetEnvIfNoCase Referer "^http://covers\.whatever\.com/" local_ref=1
        <FilesMatch "\.(zip|jpg)">
            Order Allow,Deny
           Allow from env=local_ref
       </FilesMatch>




Here is what the refer looks like from www.whatever.com: (doesnt seem to show its coming from www.whatever.com, when requesting to images.whatever.com:

68.204.186.114 - - [19/Feb/2005:11:12:13 -0700] "GET /notebook_00013_cstm.zip HTTP/1.1" 403 310 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"


any help would be greatly appreciated!
jayhawk785
 
Posts: 3
Joined: Sat Feb 19, 2005 10:44 am

Postby Caterham » Sun Feb 20, 2005 7:55 am

The Referer-prortion of the log is empty. You should allow blank referers, too.

Referers might be striped
  • by the browser it self
  • InternetSecurity software (firewalls etc.)
  • www-cache servers (proxys)
In all three cases the referer might be empty. To allow empty referers as well, add

Code: Select all
        SetEnvIfNoCase Referer "^$" local_ref=1


Bob
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm

Postby jayhawk785 » Sun Feb 20, 2005 8:01 am

otherwise, adding that should fix the problem and handle what i would like it to--even though the get isn't showing a refer?
jayhawk785
 
Posts: 3
Joined: Sat Feb 19, 2005 10:44 am

Postby jayhawk785 » Sun Feb 20, 2005 9:31 am

that rule did the same thing, the vhost images.domain.com could not be seen, when coming from domain.com or www.domain.com.

The script is accessing those files directly - i need to block anything from being able to get to them without being referred via the primary domain.

URL scrambling would probably work if anyone cares to help me out on that one...
jayhawk785
 
Posts: 3
Joined: Sat Feb 19, 2005 10:44 am

Postby Caterham » Tue Feb 22, 2005 12:47 pm

So you're using this right now on images.domain.com?
Code: Select all
SetEnvIfNoCase Referer "^$" local_ref=1
SetEnvIfNoCase Referer "^http://(www\.)?whatever\.com" local_ref=1
<FilesMatch "\.(zip|jpg)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>



Otherwise try mod_rewrite here (in the vhost for images.domain.com)
Code: Select all
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?whatever\.com [NC]
RewriteRule ^.+\.(zip|jpg)$ - [F]
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 9 guests

cron