Bug #803
closednesting $HTTP["referer"] inside of $HTTP["url"] does not work
Description
This works:
$HTTP["url"] =~ "^/images/" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
}
This works:
$HTTP["referer"] !~ "^($|http://www\.fussball-forum\.de)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
}
This does not work:
$HTTP["url"] =~ "^/images/" {
$HTTP["referer"] !~ "^($|http://www\.fussball-forum\.de)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif" )
}
}
All requests will be served, none denied.
-- alisencer (ät) gmail.com
Updated by moo over 17 years ago
you're right, it's a limited design, a expected result.
Updated by Anonymous over 17 years ago
Is there any chance that this will change?
My situation is as follows: We want to protect against hotlinking - but only from that subdirectory (images). We offer other image material, like Banners etc. from other directories where we encourage people to hotlink.
I can currently think of working around this by moving them to different domains, so it's not critical - but it would be nice.
Also you mention it is expected - are there any hints (without reading code) to find out which conditional-nesting can work and which one would not. Thanks. :)
-- alisencer (et) gmail com
Updated by Anonymous over 17 years ago
Updated by Anonymous over 17 years ago
Updated by jan over 16 years ago
- Status changed from New to Fixed
- Resolution set to fixed
fixed in r1942
Updated by Anonymous over 16 years ago
- Status changed from Fixed to Need Feedback
- Resolution deleted (
fixed)
Why this doesn't deny access to http://jsdev.ru/book/javascript-bible.zip with NO referer ?
$HTTP[[url]] =~ "^/book/(.*)\.zip$" {
$HTTP[[referer]] !~ "jsdev\.ru$" {
url.access-deny = ( "" )
}
}Seems bug still open ?
-- iliakan
Updated by stbuehler about 16 years ago
- Status changed from Need Feedback to Fixed
- Resolution set to duplicate
See #1164 for patch.
Also available in: Atom