Mod Rewrite

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • PrettyCarla
    Confirmed User
    • Dec 2002
    • 144

    #1

    Mod Rewrite

    Hello,

    we had had always used on our AVS and small paysites following kind of apache mod rewrite .htaccess file:

    Options FollowSymLinks
    AuthType Basic
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://OUR DOMAIN/* [NC]
    RewriteCond %{HTTP_REFERER} !^http://PASSWORD CHECK DOMAIN/* [NC]
    RewriteRule /* http://ERROR URL[R,L]

    It was good we did not need to use any password management or further php programming. Last 3 years it worked well also in cases when surfer wanted to save content and used "save target as" function in browser.

    But approximately last month we got several references it stopped work in this case. I checked and truly: it seems "save target" option does not send HTTP_REFERRER any more.

    I am confused. If it were server misconfigurations, it wouldn't happen to 3 different companies at same time (ProTGP, Interaid, Ontime Online). If it were client browser misconfigurations, it wouldn't happen to all people at same time including me without making any browser setting change!

    We do not want to allow access when referrer is blank, because we have many former members who are trying access content directly. But it is also bad when surfer doesn't know how to save video file (i.e media player does not have save possibility, only other way is search through temporary) he may download the same file five or six times what costs him time and bandwith us.

    Can any apache guru help with this?
    Last edited by PrettyCarla; 02-01-2003, 09:03 AM.
  • juicylinks
    So Fucking Banned
    • Apr 2001
    • 122992

    #2
    Can we see a picture of your tits?

    Comment

    • wimpy
      Confirmed User
      • Jan 2003
      • 607

      #3
      Originally posted by PrettyCarla
      approximately last month we got several references it stopped work in this case. I checked and truly: it seems "save target" option does not send HTTP_REFERRER any more.

      I am confused. If it were server misconfigurations, it wouldn't happen to 3 different companies at same time (ProTGP, Interaid, Ontime Online).
      I'm no expert on this stuff, but whenever one of my servers suddenly stops doing something it's been doing, and I have not upgraded anything, it usually means I've been hacked. Some root kits aren't very good and often some functions stop working.

      3 different companies? Do you mean 3 different servers? If 3 servers then yes, less likely to be a hack, but if the 3 are configured the same they might all have the same exploit, so all 3 hacked is not unreasonable.
      Fyodor Dostoyevsky wrote: "Every man has reminiscences which he would not tell to everyone but only his friends. He has other matters in his mind which he would not reveal even to his friends, but only to himself, and that in secret. But there are other things which a man is afraid to tell even to himself, and every decent man has a number of such things stored away in his mind."

      icq 8243657

      Comment

      • dalem
        Registered User
        • Feb 2003
        • 3

        #4
        I had the same Problem exept it was sending serfers to the fobidin access page in a continius loopand I was going crazy trying to figure out what was wrong then by accident i found it was my new firewall program I turned it off and it worked fine

        so if you and your surfers are using a firewall for ythere internet connection it might be the problem

        I haven't used .htaccess since. If you know of a solution for avs let me know becase a lot of surfers use firewalls now

        Comment

        Working...