Bug #803
nesting $HTTP["referer"] inside of $HTTP["url"] does not work
| Status: | Fixed | Start: | ||
| Priority: | Low | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | core | |||
| Target version: | 1.4.17 | |||
| Pending: | No |
Resolution: | duplicate |
|
Description
This works:
$HTTP["url"] =~ "^/images/" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
}
This works:
$HTTP["referer"] !~ "^($|http://www\.fussball-forum\.de)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
}
This does not work:
$HTTP["url"] =~ "^/images/" {
$HTTP["referer"] !~ "^($|http://www\.fussball-forum\.de)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
}
}
All requests will be served, none denied.
-- alisencer (ät) gmail.com
History
08/08/2006 08:41 PM - Anonymous
Is there any chance that this will change?
My situation is as follows: We want to protect against hotlinking - but only from that subdirectory (images). We offer other image material, like Banners etc. from other directories where we encourage people to hotlink.
I can currently think of working around this by moving them to different domains, so it's not critical - but it would be nice.
Also you mention it is expected - are there any hints (without reading code) to find out which conditional-nesting can work and which one would not. Thanks. :)
-- alisencer (et) gmail com
08/29/2006 08:50 AM - Anonymous
I think this should work:
$HTTPreferer !~ "^($|http://www\.fussball-forum\.de)" {
$HTTPurl =~ "^/images/" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
}
}
-- Nicolae Namolovan
10/20/2007 06:04 PM - Anonymous
- Status changed from Fixed to Need Feedback
- Resolution deleted (
fixed)
Why this doesn't deny access to http://jsdev.ru/book/javascript-bible.zip with NO referer ?
$HTTPurl =~ "^/book/(.*)\.zip$" {
$HTTPreferer !~ "jsdev\.ru$" {
url.access-deny = ( "" )
}
}Seems bug still open ?
-- iliakan