https://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412007-01-20T03:21:36Zlighty labsLighttpd - Feature #984: error matching null http referrerhttps://redmine.lighttpd.net/issues/984?journal_id=23212007-01-20T03:21:36ZAnonymous
<ul></ul><p>Sorry for bad formatting.</p>
<pre>
# deny access for all image stealers
$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
url.access-deny = ( ".jpg", ".jpeg", ".png" )
}
</pre>
<p>the intention of configuration above is to block hotlinking from other sites and NULL referrer, but user could still download the files with NULL http referrer.</p>
<p>e.g.</p>
<p>1. wget --referer="" <a class="external" href="http://www.example.org/test/1.png">http://www.example.org/test/1.png</a></p>
<p>2. wget <a class="external" href="http://www.example.org/test/1.png">http://www.example.org/test/1.png</a></p>
<p>generally default referrer is null, that means user can simply use browser/any http client to download files.</p> Lighttpd - Feature #984: error matching null http referrerhttps://redmine.lighttpd.net/issues/984?journal_id=23222007-03-21T14:03:30ZAnonymous
<ul></ul><p>try:</p>
<pre>
# if referrer doesnt begin with http://www.example.org
$HTTP["referer"] !~ "^http://www\.example\.org" {
url.access-deny = ( ".jpg", ".jpeg", ".png" )
}
</pre>
<p>-- phadej</p> Lighttpd - Feature #984: error matching null http referrerhttps://redmine.lighttpd.net/issues/984?journal_id=23232007-04-02T09:24:56Zjwmcglynn
<ul></ul><p>The problem that you are having is a regex that matches the wrong pattern. Use phadej's example for your purposes.</p>
<p>I'm changing this to an enhancement -- checking if a conditional wasn't supplied in the request is a useful feature, like handling HTTP/1.0 clients that don't send a Host header like so:</p>
<pre>
$HTTP["host"] is null {
server.document-root = "/blah"
}
</pre> Lighttpd - Feature #984: error matching null http referrerhttps://redmine.lighttpd.net/issues/984?journal_id=23242008-09-23T18:58:57Zstbuehler
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Fixed</i></li><li><strong>Resolution</strong> set to <i>wontfix</i></li></ul><p>i see no problem handling not existing and empty headers in the same way in the config:</p>
<pre>
$HTTP["host"] == "" {
[...]
}
</pre> Lighttpd - Feature #984: error matching null http referrerhttps://redmine.lighttpd.net/issues/984?journal_id=48122008-10-10T19:05:02Zstbuehler
<ul><li><strong>Status</strong> changed from <i>Fixed</i> to <i>Wontfix</i></li></ul> Lighttpd - Feature #984: error matching null http referrerhttps://redmine.lighttpd.net/issues/984?journal_id=137202023-12-31T05:30:45Zgstrauss
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/13720/diff?detail_id=11250">diff</a>)</li><li><strong>ASK QUESTIONS IN Forums</strong> set to <i>No</i></li></ul>