Posted to users@httpd.apache.org by Selmer Ausland <se...@shawcable.com> on 2003/12/09 02:29:24 UTC

[users@httpd] Mod-rewrite

Hello Group;

    Second post, no answer to the first one. Can anyone give me some
idea if this is correct, or???

I am running Apache 2.0.48 on a Windows NT 4.0 server. I have a
number of name-based virtual hosts and directories. I would like to use
the following mod-rewrite rule to prevent others from linking to
graphics, .mid .wav .avi .mpegs from my server. 

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG|mid|MID|wav|WAV|mp3|MP3|avi|AVI|mpeg|MPEG)$ - [F]

Is this setup feasible? Can I add it to my main httpd config file, or,
should it be set up on a per VH, or, Directory basis?

I have set it up in my main httpd config file (Apache 2.0.48) on a test
server and it seems to work, at least Apache re-starts after I installed
it. Whether it prevents linking to my graphics and .mid .wav etc is
another question.

As you have probably guessed I am new to Mod Rewrite except
for what I have read in the docs.

Any comments good, or, bad would be appreciated.

P.S. I would also like to set up  mod rewrite to ban spam robots from my
root directory as well, but, first things first.

Selmer Ausland

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Mod-rewrite

Posted by Selmer Ausland <se...@shawcable.com>.
Robert Andersson wrote:
> 
> Selmer Ausland wrote:
> > RewriteEngine on
> > RewriteCond %{HTTP_REFERER} !^$
> > RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
> > RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
> 
> You could combine the last two into the expression:
> 
>     RewriteCond %{HTTP_REFERER} !^http://[^.]*\.?mydomain\.com/ [NC]
> 
> > RewriteRule .*\.(gif|GIF|[...snip...]|mpeg|MPEG)$ - [F]
> 
> You could (and should) use the NC flag here as well:
> 
>     RewriteRule \.(gif|jpg|mid|wav|mp3|avi|mpeg)$ - [NC,F]
>
> > Is this setup feasible?
>
> I think so.
>
> > Can I add it to my main httpd config file, or, should it be set up on a
> > per VH, or, Directory basis?
>
> To whatever context you want it to apply. Do you want these rules to apply
> to all requests to the server, then by all means put it in the main server.
> Or, if you want it only on particular hosts or directories, then place the
> rules there.
> 
> Regards,
> Robert Andersson

********************************************************************************

Thanks for your comments and assistance Robert. I will have to test this
a bit and see how things work out. I will post the results.

Selmer



Re: [users@httpd] Mod-rewrite

Posted by Selmer Ausland <se...@shawcable.com>.

Jeff White wrote:
> 
> From: "Robert Andersson"
> 
> > Selmer Ausland wrote:
> > > RewriteEngine on
> > > RewriteCond %{HTTP_REFERER} !^$
> > > RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
> > > RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
> >
> > You could combine the last two into the expression:
> >
> >     RewriteCond %{HTTP_REFERER} !^http://[^.]*\.?mydomain\.com/ [NC]
> >
> > > RewriteRule .*\.(gif|GIF|[...snip...]|mpeg|MPEG)$ - [F]
> >
> > You could (and should) use the NC flag here as well:
> >
> >     RewriteRule \.(gif|jpg|mid|wav|mp3|avi|mpeg)$ - [NC,F]
> >
> > > Is this setup feasible?
> >
> > I think so.
> >
> > > Can I add it to my main httpd config file, or, should it be set up
> > > on a per VH, or, Directory basis?
> >
> > To whatever context you want it to apply. Do you want these rules to
> > apply to all requests to the server, then by all means put it in the main
> > server. Or, if you want it only on particular hosts or directories, then
> > place the rules there.
> >
> 
> Were any Windows Scripting tests performed
> to see what happens when a user uses Windows
> Scripting and the XmlHttp object to set the request
> headers to whatever or the free .NET CSharp?
> 
> Windows Scripting with VBScript scripts.
> 
> Adjust the scripts to your needs, then save
> the VBScript script file to any folder. Then
> in a command prompt window set to the
> VBScript script's folder, use the Windows
> Script Host (WSH) engine cscript.exe
> by typing:
> 
> cscript.exe VBScriptFileName.vbs
> 
> Remember one can also use the script
> language of your desire with the Windows
> Script Host (WSH) engines.
> 
> <quote>
> 
> Specifies the name of an HTTP header.
> 
> </quote>
> 
> setRequestHeader Method (IXMLHTTPRequest)
> http://msdn.microsoft.com/library/en-us/xmlsdk/htm/xml_mth_sz_3hh0.asp
> 
> For more information:
> 
> Retrieving a Web Page
> http://www.microsoft.com/technet/scriptcenter/other/scroth16.asp
> 
> DemoGetImageStream.vbs
> http://groups.google.com/groups?&selm=uIwLEi5hCHA.1960%40tkmsftngp12&rnum=1
> 
> Microsoft Script Center
> http://www.microsoft.com/technet/scriptcenter/default.asp
> 
> An ONLINE version of the 1328 page Scripting Guide:
> Microsoft Windows 2000 Scripting Guide
> http://www.microsoft.com/technet/scriptcenter/scrguide/sagsas_overview.asp
> 
> C# and the Web: Writing a Web Client Application with
> Managed Code in the Microsoft .NET Framework
> http://msdn.microsoft.com/msdnmag/issues/01/09/cweb/default.aspx
> 
> WebClient.Headers Property
> http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemNetWebClientClassHeadersTopic.asp
> 
> .NET Framework Downloads
> http://msdn.microsoft.com/library/default.asp?url=/downloads/list/netdevframework.asp
> 
> Jeff
> 

*****************************************************************************

Hi Jeff;
    Not sure if your comments were meant for my post or someone else. If
it was for me, then you lost me completely on the last turn????? Let me
know please.

Thanks.

Selmer



Re: [users@httpd] Mod-rewrite

Posted by Selmer Ausland <se...@shawcable.com>.
Joshua Slive wrote:
> 
> On Wed, 10 Dec 2003, Jeff White wrote:
> > From: "Robert Andersson"
> > > The point of the rules is to *reduce* the effects of "hot linking",
> > > not *prohibit* it. I very much doubt that very many people are going to
> > > code scripts to get Selmer's images without being troubled visiting his
> > > pages, nor that it is a problem if a handful do.
> > >
> >
> > So everyone understood it was said,
> > "Lock the doors to your house, but
> > leave the "Windows" open!"
> 
> You still don't understand Jeff.  Referer blocking works because the
> people you are trying to restrict are the people who make the pages
> containing the inline-links to your images.  Those people do not control
> the browsers that are used to access their pages.  So by restricting based
> on referer, you will break their page for 99% of browsers.  The fact that
> 1% will see their page fine isn't going to help them.
> 
> It is true that blocking based on browser-controlled characteristics (like
> user-agent) is rarely effective.  It is effective in this case because you
> are not targeting browsers, you are targeting page authors.

**************************************************************************************

Thanks Joshua, Jeff and Richard. Your help is really appreciated!! 

Have a great Holiday Season!!!!! : - ) 

Selmer



Re: [users@httpd] Mod-rewrite

Posted by Joshua Slive <jo...@slive.ca>.
On Wed, 10 Dec 2003, Jeff White wrote:
> From: "Robert Andersson"
> > The point of the rules is to *reduce* the effects of "hot linking",
> > not *prohibit* it. I very much doubt that very many people are going to
> > code scripts to get Selmer's images without being troubled visiting his
> > pages, nor that it is a problem if a handful do.
> >
>
> So everyone understood it was said,
> "Lock the doors to your house, but
> leave the "Windows" open!"

You still don't understand Jeff.  Referer blocking works because the
people you are trying to restrict are the people who make the pages
containing the inline-links to your images.  Those people do not control
the browsers that are used to access their pages.  So by restricting based
on referer, you will break their page for 99% of browsers.  The fact that
1% will see their page fine isn't going to help them.

It is true that blocking based on browser-controlled characteristics (like
user-agent) is rarely effective.  It is effective in this case because you
are not targeting browsers, you are targeting page authors.

>
> An ONLINE version of the 1328 page Scripting Guide:
> Microsoft Windows 2000 Scripting Guide
> http://www.microsoft.com/technet/scriptcenter/scrguide/sagsas_overview.asp

Man, you are funny.  Have you ever heard the expression
"When your only tool is a hammer, every problem looks like a nail"?

Joshua.



Re: [users@httpd] Mod-rewrite

Posted by Jeff White <jl...@earthlink.net>.
From: "Robert Andersson"


> Jeff White wrote:
> > Were any Windows Scripting tests performed
> > to see what happens when a user uses Windows
> > Scripting and the XmlHttp object to set the request
> > headers to whatever or the free .NET CSharp?
>
> No, not by me at least. I fail to see the purpose of such test, as I
> am very confident that it is possible to get around the rules by any HTTP
> API (including XmlHttp). The only meaningful tests of the rules are with
> the most common browsers.
>

XmlHTTP is the world's number one browser's guts!

> The point of the rules is to *reduce* the effects of "hot linking",
> not *prohibit* it. I very much doubt that very many people are going to
> code scripts to get Selmer's images without being troubled visiting his
> pages, nor that it is a problem if a handful do.
>

So everyone understood it was said,
"Lock the doors to your house, but
leave the "Windows" open!"

An ONLINE version of the 1328 page Scripting Guide:
Microsoft Windows 2000 Scripting Guide
http://www.microsoft.com/technet/scriptcenter/scrguide/sagsas_overview.asp

Jeff





Re: [users@httpd] Mod-rewrite

Posted by Robert Andersson <ro...@profundis.nu>.
Jeff White wrote:
> Were any Windows Scripting tests performed
> to see what happens when a user uses Windows
> Scripting and the XmlHttp object to set the request
> headers to whatever or the free .NET CSharp?

No, not by me at least. I fail to see the purpose of such test, as I am very
confident that it is possible to get around the rules by any HTTP API
(including XmlHttp). The only meaningful tests of the rules are with the
most common browsers.

The point of the rules is to *reduce* the effects of "hot linking", not
*prohibit* it. I very much doubt that very many people are going to code
scripts to get Selmer's images without being troubled visiting his pages,
nor that it is a problem if a handful do.

Regards,
Robert Andersson




Re: [users@httpd] Mod-rewrite

Posted by Jeff White <jl...@earthlink.net>.
From: "Robert Andersson"

> Selmer Ausland wrote:
> > RewriteEngine on
> > RewriteCond %{HTTP_REFERER} !^$
> > RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
> > RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
>
> You could combine the last two into the expression:
>
>     RewriteCond %{HTTP_REFERER} !^http://[^.]*\.?mydomain\.com/ [NC]
>
> > RewriteRule .*\.(gif|GIF|[...snip...]|mpeg|MPEG)$ - [F]
>
> You could (and should) use the NC flag here as well:
>
>     RewriteRule \.(gif|jpg|mid|wav|mp3|avi|mpeg)$ - [NC,F]
>
> > Is this setup feasible?
>
> I think so.
>
> > Can I add it to my main httpd config file, or, should it be set up
> > on a per VH, or, Directory basis?
>
> To whatever context you want it to apply. Do you want these rules to
> apply to all requests to the server, then by all means put it in the main
> server. Or, if you want it only on particular hosts or directories, then
> place the rules there.
>

Were any Windows Scripting tests performed
to see what happens when a user uses Windows
Scripting and the XmlHttp object to set the request
headers to whatever or the free .NET CSharp?

Windows Scripting with VBScript scripts.

Adjust the scripts to your needs, then save
the VBScript script file to any folder. Then
in a command prompt window set to the
VBScript script's folder, use the Windows
Script Host (WSH) engine cscript.exe
by typing:

cscript.exe VBScriptFileName.vbs

Remember one can also use the script
language of your desire with the Windows
Script Host (WSH) engines.

<quote>

Specifies the name of an HTTP header.

</quote>

setRequestHeader Method (IXMLHTTPRequest)
http://msdn.microsoft.com/library/en-us/xmlsdk/htm/xml_mth_sz_3hh0.asp

For more information:

Retrieving a Web Page
http://www.microsoft.com/technet/scriptcenter/other/scroth16.asp

DemoGetImageStream.vbs
http://groups.google.com/groups?&selm=uIwLEi5hCHA.1960%40tkmsftngp12&rnum=1

Microsoft Script Center
http://www.microsoft.com/technet/scriptcenter/default.asp

An ONLINE version of the 1328 page Scripting Guide:
Microsoft Windows 2000 Scripting Guide
http://www.microsoft.com/technet/scriptcenter/scrguide/sagsas_overview.asp

C# and the Web: Writing a Web Client Application with
Managed Code in the Microsoft .NET Framework
http://msdn.microsoft.com/msdnmag/issues/01/09/cweb/default.aspx

WebClient.Headers Property
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemNetWebClientClassHeadersTopic.asp

.NET Framework Downloads
http://msdn.microsoft.com/library/default.asp?url=/downloads/list/netdevframework.asp


Jeff









Re: [users@httpd] Mod-rewrite

Posted by Robert Andersson <ro...@profundis.nu>.
Selmer Ausland wrote:
> RewriteEngine on
> RewriteCond %{HTTP_REFERER} !^$
> RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
> RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]

You could combine the last two into the expression:

    RewriteCond %{HTTP_REFERER} !^http://[^.]*\.?mydomain\.com/ [NC]

> RewriteRule .*\.(gif|GIF|[...snip...]|mpeg|MPEG)$ - [F]

You could (and should) use the NC flag here as well:

    RewriteRule \.(gif|jpg|mid|wav|mp3|avi|mpeg)$ - [NC,F]

> Is this setup feasible?

I think so.

> Can I add it to my main httpd config file, or, should it be set up on a
> per VH, or, Directory basis?

To whatever context you want it to apply. Do you want these rules to apply
to all requests to the server, then by all means put it in the main server.
Or, if you want it only on particular hosts or directories, then place the
rules there.

Regards,
Robert Andersson
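
Added example (not part of the thread and not Apache's own code): a small Python model of the rule set discussed above, used to check which Referer values each version of the allow-list lets through before it goes into httpd.conf. The STRICT pattern, the sample requests and the host notmydomain.com are assumptions constructed for illustration, and Python's re module stands in for Apache's regex engine.

```python
import re

# Allow-list patterns from the thread. Each RewriteCond is negated with "!",
# and consecutive conditions are ANDed, so [F] fires only when the Referer
# matches none of them. [NC] is modelled with re.IGNORECASE.
ORIGINAL = [r"^$", r"^http://mydomain.com/.*$", r"^http://www.mydomain.com/.*$"]
COMBINED = [r"^$", r"^http://[^.]*\.?mydomain\.com/"]
# Assumption, not from the thread: the optional label must end in a dot.
STRICT = [r"^$", r"^http://([^./]+\.)?mydomain\.com/"]

MEDIA = r"\.(gif|jpg|mid|wav|mp3|avi|mpeg)$"  # RewriteRule pattern, with NC


def is_forbidden(allow_list, path, referer):
    """Return True when the modelled rule set would answer 403 Forbidden."""
    if not re.search(MEDIA, path, re.IGNORECASE):
        return False  # RewriteRule pattern does not match: request untouched
    return not any(re.search(p, referer, re.IGNORECASE) for p in allow_list)


# Constructed sample requests: (path, Referer header; "" means none was sent).
SAMPLES = [
    ("/img/logo.gif", ""),
    ("/img/logo.GIF", "http://www.mydomain.com/page.html"),
    ("/img/logo.gif", "http://images.mydomain.com/gallery.html"),
    ("/img/logo.gif", "http://other.example/forum/thread.html"),
    ("/img/logo.gif", "http://notmydomain.com/page.html"),
    ("/index.html", "http://other.example/forum/thread.html"),
]


def verdicts(allow_list):
    """Map each sample to 'F' (forbidden) or 'ok' for one allow-list."""
    return ["F" if is_forbidden(allow_list, p, r) else "ok" for p, r in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, verdicts(ORIGINAL), verdicts(COMBINED), verdicts(STRICT))
    print(f"{'path':15}{'referer':42}{'orig':6}{'comb':6}{'strict'}")
    for (path, referer), o, c, s in rows:
        print(f"{path:15}{referer or '(none)':42}{o:6}{c:6}{s}")
```

The combined pattern accepts the look-alike host because \.? makes the separating dot optional; requiring the dot as part of the optional label keeps subdomains working while rejecting it. A request with no Referer passes under every version, which is the deliberate effect of the first condition.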

