[SATLUG] hostile referer

Jeremy Mann jeremymann at gmail.com
Tue Mar 31 12:26:49 CDT 2009


On Tue, Mar 31, 2009 at 11:31 AM, Charles Hogan
<cd_satl at futuretechsolutions.com> wrote:
> This looks like a fun one to work out.  From your post, I am going to assume
> that domain-b.com is an entirely hostile entity and that no links referrals
> from them are to be trusted, and should all get pointed to a
> "bad-referer.html".
>
> I would use apache's mod_rewrite in this case, starting with the following
> directives, and tweaking from there.
>
> RewriteEngine On
> ReWriteCond %{HTTP_REFERER} *.domain-b.com
> RewriteRule .* http://domain-a.com/bad-referer.html
>
> Documentation for mod_rewrite:
> http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
>
> Nice guide for writing rewrite rules, (including a better referer-based
> deflector, almost all the way to the bottom of the page):
> http://httpd.apache.org/docs/1.3/misc/rewriteguide.html

Charles, this was the first thing I tried along with HOST and REFERER.
The problem I am seeing is the REFERER in this case, domain-b is
simply forwarding requests from their domain to ours so the logs just
show a http request from domain-b instead of domain-a.

-- 
Jeremy Mann
jeremy at biochem.uthscsa.edu

University of Texas Health Science Center
Bioinformatics Core Facility
http://www.bioinformatics.uthscsa.edu
Phone: (210) 567-2672


More information about the SATLUG mailing list