Hello,
we had had always used on our AVS and small paysites following kind of apache mod rewrite .htaccess file:
Options FollowSymLinks
AuthType Basic
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://OUR DOMAIN/* [NC]
RewriteCond %{HTTP_REFERER} !^http://PASSWORD CHECK DOMAIN/* [NC]
RewriteRule /* http://ERROR URL[R,L]
It was good we did not need to use any password management or further php programming. Last 3 years it worked well also in cases when surfer wanted to save content and used "save target as" function in browser.
But approximately last month we got several references it stopped work in this case. I checked and truly: it seems "save target" option does not send HTTP_REFERRER any more.
I am confused. If it were server misconfigurations, it wouldn't happen to 3 different companies at same time (ProTGP, Interaid, Ontime Online). If it were client browser misconfigurations, it wouldn't happen to all people at same time including me without making any browser setting change!
We do not want to allow access when referrer is blank, because we have many former members who are trying access content directly. But it is also bad when surfer doesn't know how to save video file (i.e media player does not have save possibility, only other way is search through temporary) he may download the same file five or six times what costs him time and bandwith us.
Can any apache guru help with this?
we had had always used on our AVS and small paysites following kind of apache mod rewrite .htaccess file:
Options FollowSymLinks
AuthType Basic
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://OUR DOMAIN/* [NC]
RewriteCond %{HTTP_REFERER} !^http://PASSWORD CHECK DOMAIN/* [NC]
RewriteRule /* http://ERROR URL[R,L]
It was good we did not need to use any password management or further php programming. Last 3 years it worked well also in cases when surfer wanted to save content and used "save target as" function in browser.
But approximately last month we got several references it stopped work in this case. I checked and truly: it seems "save target" option does not send HTTP_REFERRER any more.
I am confused. If it were server misconfigurations, it wouldn't happen to 3 different companies at same time (ProTGP, Interaid, Ontime Online). If it were client browser misconfigurations, it wouldn't happen to all people at same time including me without making any browser setting change!
We do not want to allow access when referrer is blank, because we have many former members who are trying access content directly. But it is also bad when surfer doesn't know how to save video file (i.e media player does not have save possibility, only other way is search through temporary) he may download the same file five or six times what costs him time and bandwith us.
Can any apache guru help with this?

Comment