I have also tried
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_REFERER} !^http://(10\.20\.30\.40)/.*$ [NC]
RewriteRule ^/restricted/.+ - [F]
And
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(10\.20\.30\.40)/.*$ [NC]
RewriteRule ^/restricted/.+ - [F]
As well. I think the the first conditional like should have been removed
but I left it there during some of the test cases.
Still it doesn't work.
Gary
On 5/31/05 11:46 AM, "Arne Heizmann" <Arne.Heizmann@xxxxxxx> wrote:
> Gary W. Smith wrote:
>>
>> I have the following rule in place:
>>
>> RewriteEngine on
>> RewriteCond %{HTTP_REFERER} !^$
>> RewriteCond %{HTTP_REFERER} !^http://(10\.20\.30\.40)/.*$ [NC]
>> RewriteRule ^/restricted/.+ - [F]
>
> So suppose I go in with an empty referrer. The first condition is false.
> Therefore the rule is not applied, therefore I am granted access.
>
> Perhaps you meant ^$ rather than !^$. But notice that testing for empty
> referrer is redundant, because the second condition will already catch
> it. So I guess it's enough to make that your only condition.
>
> Timwi
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|