[SATLUG] hostile referer

Charles Hogan cd_satl at futuretechsolutions.com
Tue Mar 31 11:31:41 CDT 2009


This looks like a fun one to work out.  From your post, I am going to 
assume that domain-b.com is an entirely hostile entity and that no links 
referrals from them are to be trusted, and should all get pointed to a 
"bad-referer.html".

I would use apache's mod_rewrite in this case, starting with the 
following directives, and tweaking from there.

RewriteEngine On
ReWriteCond %{HTTP_REFERER} *.domain-b.com
RewriteRule .* http://domain-a.com/bad-referer.html

Documentation for mod_rewrite:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

Nice guide for writing rewrite rules, (including a better referer-based 
deflector, almost all the way to the bottom of the page):
http://httpd.apache.org/docs/1.3/misc/rewriteguide.html

Hope this helps.

Charlie

Borries Demeler wrote:
> We have a problem with a domain name. 
> 
> Here is an example:
> 
> Let's say we have a domain called domain-a.com
> Now someone else created a new domain called domain-b.com. It has been
> set up to forward to our domain-a.com. However, all URL's that would
> normally show up under domain-a.com, are now always showing up
> as domain-b.com.
> 
> Example: if I click on the link for myfile.html on the domain-a.com
> website, I get a URL that shows up as http://domain-a.com/myfile.html,
> if I go to https://domain-a.com/login.php, I see exactly this URL in
> the URL bar.
> 
> However, when I come in through domain-b.com, and click on the link
> for myfile.html, I get http://domain-b.com in the URL, nothing else, 
> and myfile.html never shows in the URL tab.
> Ditto for the secure login link. Even though it goes through the https
> link, this is hidden from the user, and the URL still shows "http://domain-b.com".
> 
> Question: short of contacting the domain provider, is there a way that I
> can:
> 
> 1. block any referrals to my website, domain-a.com, from domain-b.com?
> 
> or:
> 
> 2. force any referrals to my website from domain-b.com to be rewritten
> in the URL tab to be domain-a.com/whatever.html, incl. the secure login
> link? The owner of domain-b.com is hostile to us, and so we don't
> want to have to deal with him.
> 
> We have tried a few options, but so far no cigar. We need a solution quick!
> 
> Thanks for any help, -b.


More information about the SATLUG mailing list