htaccess的只接受来自特定HTTP_REFERER交通 [英] htaccess only accept traffic from specific http_referer
问题描述
我试图建立,将实现以下一个htaccess文件:
仅允许我的网站是如果观看用户从特定域来了看(链接)
因此,例如。我有一个名为域。 protect.mydomain.com。我只希望人们从unprotected.mydomain.comm的链接来能够访问protect.mydomain.com。
最大的悬而未决的问题我有是,如果你从unprotected.mydomain.com得到protect.mydomain.com并点击该转到另一个页面下protect.mydomain.com那么protect.mydomain.com一个链接我送回到我的重定向,因为HTTP_REFERER是protect.mydomain.com。因此,要打击,我把一个检查,以允许引荐是protect.mydomain.com为好。它不工作,并访问来自世界各地允许的。这是我的htaccess文件。 (这一切都是在HTTPS)
RewriteEngine叙述上
的RewriteBase /
的RewriteCond%{HTTP_REFERER} ^ HTTPS:(。+ \)// * MYDOMAIN \ .COM
的RewriteCond%1 ^(保护|无保护)!\ $
重写规则^ * $ https://unprotected.mydomain.com/ [R = 301,L]
正在匹配您的引用者对 ^ https://开头(。+ \)* MYDOMAIN \ .COM 。这意味着如果一些完全其它部位,比如 http://stealing_your_images.com/ 链接的东西在 protect.mydomain.com ,第一个条件会失败,因此请求永远不会重定向到 https://unprotected.mydomain.com/ 。你想从另一个方向靠近它,只允许特定的查阅情况穿过,然后重定向一切:
RewriteEngine叙述上
的RewriteBase /
#允许这些查阅情况,以直通
的RewriteCond%{HTTP_REFERER} ^ https://开头(保护|无保护)\ .mydomain \ .COM
重写规则^ - [L]
#重定向一切
重写规则^ https://unprotected.mydomain.com/ [R,L]
I'm trying to set up a htaccess file that would accomplish the following:
Only allow my website to be viewed if the viewing user is coming from a specific domain (link)
So, for instance. I have a domain called. protect.mydomain.com . I only want people coming from a link on unprotected.mydomain.comm to be able to access protect.mydomain.com.
The big outstanding issue I have is that if you get to protect.mydomain.com from unprotected.mydomain.com and click on a link in the protect.mydomain.com that goes to another page under protect.mydomain.com then I get sent back to my redirect because the http_referer is protect.mydomain.com . So to combat that I put in a check to allow the referrer to be protect.mydomain.com as well. It's not working and access is allowed from everywhere. Here is my htaccess file. (All this is under https)
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} ^https://(.+\.)*mydomain\.com
RewriteCond %1 !^(protect|unprotected)\.$
RewriteRule ^.*$ https://unprotected.mydomain.com/ [R=301,L]
You are matching your referer against ^https://(.+\.)*mydomain\.com. Which means if some completely other site, say http://stealing_your_images.com/ links to something on protect.mydomain.com, the first condition will fail, thus the request is never redirected to https://unprotected.mydomain.com/. You want to approach it from the other direction, only allow certain referers to pass through, then redirect everything else:
RewriteEngine On
RewriteBase /
# allow these referers to passthrough
RewriteCond %{HTTP_REFERER} ^https://(protect|unprotected)\.mydomain\.com
RewriteRule ^ - [L]
# redirect everything else
RewriteRule ^ https://unprotected.mydomain.com/ [R,L]
这篇关于htaccess的只接受来自特定HTTP_REFERER交通的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
