Block referer or referrer
by "Insurance Squared" <gcooke(at)insurancesquared.com>
|
| Date: |
Thu, 12 Jul 2001 08:50:42 -0400 |
| To: |
<hwg-servers(at)hwg.org> |
| |
todo: View
Thread,
Original
|
|
Hi
I need to be able to prevent certain web pages from calling scripts on my
server. I don't have access to modifying the script so I must block by
other means. I have set up the following in httpd.conf:
<VirtualHost *>
******* SetEnvIfNoCase Referer ^701 bad_guys=Remote_Host
ServerName www.somethingcom
ServerAlias something.com
DocumentRoot /home/something/www.something.com/
CustomLog /home/something/logs/www.something.com.log combined
<Directory "/home/something/www.something.com/cgi-bin">
AllowOverride All
Options None ExecCGI
AddHandler cgi-script .cgi .pl
Order allow,deny
Allow from all
******** Deny from env=bad_guys
</Directory>
</VirtualHost>
where the referrer I am trying block is contains 701, something like
http://701.domain.com/callingpage.html. This didn't prevent the access.
Q: What am I doing wrong?
Q: If I need to block other web pages from calling this script, can I add a
block of SetEnvIfNoCase statements?
Q: While investigating it seems that there are Perl modules I can install
that will redirect instead of blocking. I didn't follow this path because
it seemed less elegant (and out of fear, as I haven't done anything like
that before). Should I instead be looking into this area further?
Any thoughts are appreciated - and could I ask for a cc as I am on digest?
Thank you,
Glenn
HWG: hwg-servers mailing list archives,
maintained by Webmasters @ IWA