Gary W. Smith wrote:
I have the following rule in place:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(10\.20\.30\.40)/.*$ [NC]
RewriteRule ^/restricted/.+ - [F]
So suppose I go in with an empty referrer. The first condition is false. Therefore the rule is not applied, therefore I am granted access.
Perhaps you meant ^$ rather than !^$. But notice that testing for empty referrer is redundant, because the second condition will already catch it. So I guess it's enough to make that your only condition.
Timwi ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ********************************************************************** --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|