The Referer header is very unreliable and can easily be faked by anyone wanting to submit a form from a different domain.
You can't put variables in the pattern part of RewriteRules or RewriteConds.
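You can either hard code the domain name:

```apache
Options +FollowSymLinks
RewriteEngine On
# Only POST requests are checked
RewriteCond %{REQUEST_METHOD} ^POST$ [NC]
# Referer is neither empty nor an http:// URL on example.com
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?example\.com(/.*)?)?$ [NC]
# Send the request to the error page
RewriteRule .* /backend_error.php [L]
```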
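Or try (this may not work depending on your Apache version):

```apache
Options +FollowSymLinks
RewriteEngine On
# Only POST requests are checked
RewriteCond %{REQUEST_METHOD} ^POST$ [NC]
# Host starts with www.: \1 is the rest of the host, which the Referer must repeat
RewriteCond %{HTTP_HOST}/%{HTTP_REFERER} !^www\.([^/]+)/(http://(www\.)?\1(/.*)?)?$ [NC]
# Any host: \1 is the whole host, which the Referer must repeat
RewriteCond %{HTTP_HOST}/%{HTTP_REFERER} !^([^/]+)/(http://(www\.)?\1(/.*)?)?$ [NC]
# Send the request to the error page
RewriteRule .* /backend_error.php [L]
```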
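
The second rule set above, modelled in Python to show which requests it rewrites to `/backend_error.php`. This is an added example, not part of the original post: the function names, host names and Referer values are constructed, and Python's `re` is assumed to behave like Apache's regex engine for these two patterns.

```python
import re

# The two negated RewriteCond patterns from the second rule set.
# The [NC] flag corresponds to re.IGNORECASE.
WWW_HOST = re.compile(r'^www\.([^/]+)/(http://(www\.)?\1(/.*)?)?$', re.I)
ANY_HOST = re.compile(r'^([^/]+)/(http://(www\.)?\1(/.*)?)?$', re.I)


def is_rewritten(method, host, referer=""):
    """Return True if the request would be rewritten to /backend_error.php."""
    # First condition: only POST requests are checked.
    if not re.match(r'^POST$', method, re.I):
        return False
    # Test string of the other two conditions: %{HTTP_HOST}/%{HTTP_REFERER}
    test_string = f"{host}/{referer}"
    # Both conditions are negated and ANDed, so the rule fires only
    # when neither pattern matches the test string.
    return not WWW_HOST.match(test_string) and not ANY_HOST.match(test_string)


# Constructed sample requests: (method, Host header, Referer header)
SAMPLES = [
    ("POST", "www.example.com", "http://www.example.com/form.php"),
    ("POST", "example.com", "http://www.example.com/form.php"),
    ("POST", "www.example.com", "http://other.test/form.html"),
    ("POST", "www.example.com", "http://www.example.com.other.test/x"),
    ("POST", "www.example.com", ""),  # no Referer sent at all
    ("POST", "www.example.com", "https://www.example.com/form.php"),
    ("GET", "www.example.com", "http://other.test/form.html"),
]


def evaluate(samples=SAMPLES):
    """Return (method, host, referer, rewritten) for each sample."""
    return [(m, h, r, is_rewritten(m, h, r)) for m, h, r in samples]


if __name__ == "__main__":
    for method, host, referer, rewritten in evaluate():
        verdict = "error page" if rewritten else "allowed"
        print(f"{method:4} {host:16} {referer or '(none)':38} {verdict}")
```

A request with no Referer passes both patterns, and an `https://` Referer from the same site is rewritten because the patterns accept only `http://`.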