Question about .htacces

T

Thomas Wehner

Hello,

i have a little problem with an .htacces file.

The conten ist the following:
--------------------------------------

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?deineHomepage\.de(/.*)?$ [NC]

RewriteRule \.(rar|zip)$ http://www.deineHomepage.de/images/geklaut.gif
[R,L]

------------------------------------

This Script helps protect links / files on webspace. If maybe www.xyz.de
links to an *.rar or *.zip file on my Webspace the user who wanted to
download this file is getting a message that he is not allowed to download,
because he didn't click a link to this file on my webpage.....

Now there is a little problem. If the User makes right click and is coping
the link and paste it into a new Browser Tab, the he is able to Downlaod my
file.

I think, it's because there is no HTTP_REFERER in an new Browser Window. Is
there any wayto change this, maybe if there is no Referer download is't
possible to.


THX
Thomas

PS: Please appologize my bad english
 
B

brucie

In alt.html Thomas Wehner said:
[clasic hotlinking mod_rewrite]
Now there is a little problem. If the User makes right click and is coping
the link and paste it into a new Browser Tab, the he is able to Downlaod my
file.

if you're worried about that then i had better not tell you the other
ways the rewrite doesn't work that are worse.
I think, it's because there is no HTTP_REFERER in an new Browser Window.

many people don't even send a referer or its something interesting
totally unrelated to being a referer.
Is there any wayto change this, maybe if there is no Referer download
is't possible to.

remove this line:

RewriteCond %{HTTP_REFERER} !^$
 
T

Toby Inkster

Thomas said:
Is there any wayto change this, maybe if there is no Referer download is't
possible to.

Yes, but it's a dumb idea because it will block many legitimate accesses.
(e.g. user goes to your page, clicks on the link and his browser passes
the address to his download manager, which doesn't send a referer header.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,790
Messages
2,569,637
Members
45,346
Latest member
EstebanCoa

Latest Threads

Top