tags:

views:

63

answers:

1
Q: 

Redirect certain requests if referer not from same page?

I'm quite sure this has been asked before but I can't for the life of me find anything.

A client of mine has a number of pages that we closed to the public today. Because image URLs associated with those pages are still valid (the pages must continue to be visible internally for maintenance), the page is obviously still fully visible from the Google cache, which understandably annoys my client.

I would like to fix this using a mod_rewrite directive, 403'ing or 404'ing any requests to that image directory that do not have a REFERER that starts with that site's domain (i.e. are hotlinked to by the pages in the cache).

Update: This works for me!

RewriteCond %{REQUEST_URI} ^/imagedir
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com [NC]
RewriteRule .*  - [F,L]
A: 

Hi,

The HTTP_REFERER header is often filtered out by security software and proxies because it's seen as a privacy issue. Before proceeding, examine logs and look at the percentage of requests which has the HTTP_REFERER set and do an impact analysis before proceeding.

You can change google's behaviour using robots.txt and also utilize cache-control. It probably take some time before it's out of the index. Use this next time you have a 'campaign' that way the issue you're facing wont't happen again :-)

http://www.robotstxt.org/

The answer is on stackoverflow's sister site:

http://serverfault.com/questions/71020/modrewrite-how-do-i-check-the-httpreferers-querystring

tovare  2010-01-30 22:57:36
Cheers @tovare, yes, both robots.txt and cache-control are already in place for next time :) In this very special case, it's o.k. to go ahead and filter by HTTP_REFERER, because the site is closed and the limited number of people allowed to access the pages does not use security software.
Pekka  2010-01-30 23:00:08
Ok ... then go ahead :) Cheers
tovare  2010-01-30 23:07:33
Thanks for the SF link! Would +1 but i'm out of votes for today.
Pekka  2010-01-30 23:09:28
Best answer is the better kudos :) Thanks.
tovare  2010-01-30 23:24:36

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP