Need Help to block and allow apache http access based on HTTP_REFERER

Giganews Newsgroups
Subject: Need Help to block and allow apache http access based on HTTP_REFERER
Posted by:  Mohan Sihra (mo.sih…@gmail.com)
Date: Tue, 1 Mar 2011

Hi,

I have a site and want to reduce the chances of hotlinking.
Here is the URL of my site https://dev1.mydomain.com/App1/logon.jsp.
When user enter this URL in their browser they get prompted for
username and password.

Scenario 1: I want to allow them when user enter https://dev1.mydomain.com/App1/logon.jsp.
Scenario 2: A user sends an email to someone with a link such as
https://dev1.mydomain.com/App1/Admin/Administration.do. User should
not be able to open this link. Means to block this.

I tried it to do this with:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://dev1.mydomain.com/App1/.*$
[NC]
RewriteRule ^.*$ - [F]

This does not work. it blocks the images and authentication does not
work.

If the HTTP_REFERER is empty then user should not get access and if
the HTTP_REFERER is https://dev1.mydomain.com/App1 then user should
get access to app. Problem is when we enter https://dev1.mydomain.com/App1/logon.jsp
the HTTP_REFERER is empty same as when a user opens the link
https://dev1.mydomain.com/App1/Admin/Administration.do.

Can someone help me to block and allow access based on HTTP_REFERER?
Thanks in advance.

Replies