Re: mod_rewrite

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Oct 12, 2015 at 3:27 PM, Earl Terwilliger <earl@xxxxxxxxx> wrote:
I am a bit confused about the mod_rewrite documentation. It shows this
rule to block hotlinking:

RewriteCond "%{HTTP_REFERER}" "!^$"
RewriteCond "%{HTTP_REFERER}" "!www.example.com" [NC]
RewriteRule "\.(gif|jpg|png)$"    "-"   [F,NC]

That's not what I see at http://httpd.apache.org/docs/current/mod/mod_rewrite.html but that doesn't really matter. I mention it only to point out that you really should be specific when stating what documentation you are reading. In this case a URL would have been a good idea.

however, I'd think a better rule would be:

RewriteCond "%{HTTP_REFERER}" "^$" [OR]
RewriteCond "%{HTTP_REFERER}" "!(www\.)?example.com/.*$" [OR,NC]
RewriteRule "\.(gif|jpg|png)$"    "-"   [F,NC]

if I want to block anyone manually typing in a link (no referer) +
hotlinking (probably has a referer). Do i need the [OR] on the 1st
RewriteCond and not the 2nd one? It seems to work with OR on both
conditions.

The [OR] on the second RewriteCond does nothing since it isn't followed by another RewriteCond. You also don't need the first RewriteCond since by definition an empty HTTP_REFERER won't match pattern.

--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux