mod_rewrite + flash files

[Richard Clarke <cl...@cs.man.ac.uk>]

Hi,
I have a members area that I need to keep secure just for my url so i have
the following:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://.*domain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://.*ip.ip.ip.ip [NC]
RewriteRule .*$ /404.html

This protects all files and sends to 404.html if it doesn't match my
domain/ip
The problem is flash files dont load either =( I looked at the apache logs
and the REFERER which mod_rewrite uses to check if its a valid connection is
missing. The flash swf file is called without a REFERER from the html page.

Any suggestions to the solution would be appreciated.

Richard Clarke




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_rewrite + flash files

[jon schatz <jo...@divisionbyzero.com>]

On Thu, 2002-02-07 at 10:40, Richard Clarke wrote:
> The problem is flash files dont load either =( I looked at the apache logs
> and the REFERER which mod_rewrite uses to check if its a valid connection is
> missing. The flash swf file is called without a REFERER from the html page.

none of the flash plugins i've ever come in contact with have ever sent
referer headers. and your browser passes the request for the .swf file
off to the plugin once it encounters it in an html page. thus, filtering
/ blocking by referers is pointless for .swf files. i reported this to
macromedia a few months ago, and they weren't to concerned.

-jon

jon@divisionbyzero.com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."