Feature #984
closederror matching null http referrer
Description
# deny access for all image stealers $HTTP[[referer]] !~ "^($|http://www\.example\.org)" { url.access-deny = ( ".jpg", ".jpeg", ".png" ) }
the intention of configuration above is to block hotlinking from other sites and NULL referrer, but user could still download the files with NULL http referrer.
e.g.
1. wget --referer="" http://www.example.org/test/1.png
2. wget http://www.example.org/test/1.png
generally default referrer is null, that means user can simply use browser/any http client to download files.
-- linlei
Updated by Anonymous almost 18 years ago
Sorry for bad formatting.
# deny access for all image stealers $HTTP["referer"] !~ "^($|http://www\.example\.org)" { url.access-deny = ( ".jpg", ".jpeg", ".png" ) }
the intention of configuration above is to block hotlinking from other sites and NULL referrer, but user could still download the files with NULL http referrer.
e.g.
1. wget --referer="" http://www.example.org/test/1.png
2. wget http://www.example.org/test/1.png
generally default referrer is null, that means user can simply use browser/any http client to download files.
Updated by Anonymous over 17 years ago
try:
# if referrer doesnt begin with http://www.example.org $HTTP["referer"] !~ "^http://www\.example\.org" { url.access-deny = ( ".jpg", ".jpeg", ".png" ) }
-- phadej
Updated by jwmcglynn over 17 years ago
The problem that you are having is a regex that matches the wrong pattern. Use phadej's example for your purposes.
I'm changing this to an enhancement -- checking if a conditional wasn't supplied in the request is a useful feature, like handling HTTP/1.0 clients that don't send a Host header like so:
$HTTP["host"] is null { server.document-root = "/blah" }
Updated by stbuehler about 16 years ago
- Status changed from New to Fixed
- Resolution set to wontfix
i see no problem handling not existing and empty headers in the same way in the config:
$HTTP["host"] == "" { [...] }
Also available in: Atom