LinuxQuestions.org
Old 08-31-2007, 06:04 PM   #1
mlapl1
LQ Newbie
 
Registered: Jun 2007
Posts: 16

Rep: Reputation: 0
.htaccess referer restrictions


Dear All,

I am using the code at the end of this message to restrict access to a specific directory and sub-directories. The code is supposed to return a 403 error if direct access to the files identified by the extensions below is attempted - and it is supposed to allow access to those files if the referring website is mydomain.com.

I am specifically interested in accessing pdf files (last on the list) and Acrobat seems to choke when I connect from the correct referring site. This does not seem to happen with other applications such as MSWord.

I have not played with this for some time but was under the impression that this arrangement worked very well in the past in other places where I tried to block direct access.

Now I discover that even referrals from mydomain.com fail. I can access pdf files if I remove them from the .htaccess list and they get blocked if I add them back. It seems to make no difference if I open a new window or not. I am sure that this worked in the past.

I am using Apache 2.x and Linux Fedora Core 4 on a VPS to which I have root access - I am not very experienced with .htaccess and would appreciate any help.

Thanks - Andrew

***************** CODE begins ***************
Options All -Indexes

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.com$ [NC]
RewriteRule .*\.(php|htm|html|inc|jpg|jpeg|gif|png|bmp|swf|mpg|avi|wav|mp3|zip|tgz|bak|doc|pdf)$ - [F,NC]
 
Old 08-31-2007, 07:08 PM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116
try this:

RewriteRule (.*)\.(php|htm|html|inc|jpg|jpeg|gif|png|bmp|swf|mpg|avi|wav|mp3|zip|tgz|bak|doc|pdf)$ - [F,L]

I don't *think* you can use NC in this line. Pay attention to the parens I placed in front.

edit:

Actually, that list of extensions looks pretty comprehensive. I actually don't see anything that COULD be accessed. If it is your intent to block everyone who tries to deep link, you might just use this line:

RewriteRule .* - [F,L]

You also could simplify your rewrite rules like this: replace all 4 lines you have with this one:

RewriteCond %{HTTP_REFERER} !(mydomain) [NC]

This picks up all the variants that you want to pick up, though it also would pick up things you didn't intend such as mydomainrules.com

Last edited by jiml8; 08-31-2007 at 07:14 PM.
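
The Referer conditions discussed in this thread, modelled in Python as an added example (not code from either poster): it evaluates the original four RewriteCond lines and the simplified `!(mydomain)` line against constructed Referer values. The "anchored" pattern, the sample Referer values and the path files/report.pdf are assumptions added for comparison.

```python
import re

# Extension list copied from the RewriteRule in the original post.
PROTECTED = re.compile(
    r".*\.(php|htm|html|inc|jpg|jpeg|gif|png|bmp|swf|mpg|avi|wav|mp3|zip|tgz|bak|doc|pdf)$",
    re.IGNORECASE,
)

# Patterns that follow the "!" in each set of RewriteCond lines.
RULESETS = {
    "original": [
        r"^http://www.mydomain.com/.*$",
        r"^http://mydomain.com/.*$",
        r"^http://www.mydomain.com$",
        r"^http://mydomain.com$",
    ],
    "simplified": [r"(mydomain)"],
    # Assumption: a tighter pattern added for comparison, not from the thread.
    "anchored": [r"^https?://(www\.)?mydomain\.com(/|$)"],
}

# Constructed Referer values; "" stands for a request with no Referer header.
SAMPLES = [
    "http://www.mydomain.com/docs/index.html",
    "",
    "https://www.mydomain.com/docs/",
    "http://mydomainrules.com/",
    "http://wwwxmydomain.com/",
]

def forbidden(ruleset, path, referer):
    """True when the request would be answered with 403 by the [F] flag."""
    if not PROTECTED.search(path):
        return False  # RewriteRule pattern does not match, nothing happens
    # Consecutive RewriteCond lines are ANDed; "!pattern" holds when the
    # pattern does not match; [NC] corresponds to re.IGNORECASE.
    return all(re.search(p, referer, re.IGNORECASE) is None
               for p in RULESETS[ruleset])

def decisions(path="files/report.pdf"):
    """Map each sample Referer to {ruleset: '403' or 'ok'}."""
    return {ref: {name: "403" if forbidden(name, path, ref) else "ok"
                  for name in RULESETS} for ref in SAMPLES}

if __name__ == "__main__":
    for ref, row in decisions().items():
        print(f"{ref!r:45} {row}")
```

A request that carries no Referer header is refused by every rule set, and the unescaped dots in the original patterns let http://wwwxmydomain.com/ through. Because the Referer header is supplied by the client, these conditions discourage casual deep linking rather than authenticate a request.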
 
Old 09-01-2007, 08:29 AM   #3
mlapl1
LQ Newbie
 
Registered: Jun 2007
Posts: 16

Original Poster
Rep: Reputation: 0
Thank you so much - it all seems to be working - Andrew
 
  

