[SATLUG] hostile referer

Borries Demeler demeler at biochem.uthscsa.edu
Tue Mar 31 13:49:28 CDT 2009


Charles and Travis,

thanks so much for your help, I think Jeremy has the problem contained now.

Much appreciated, I knew I could find an apache expert on this list who would 
have a good suggestion :-)

Thanks guys, -b.
> 
> This looks like a fun one to work out.  From your post, I am going to 
> assume that domain-b.com is an entirely hostile entity and that no links 
> referrals from them are to be trusted, and should all get pointed to a 
> "bad-referer.html".
> 
> I would use apache's mod_rewrite in this case, starting with the 
> following directives, and tweaking from there.
> 
> RewriteEngine On
> ReWriteCond %{HTTP_REFERER} *.domain-b.com
> RewriteRule .* http://domain-a.com/bad-referer.html
> 
> Documentation for mod_rewrite:
> http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
> 
> Nice guide for writing rewrite rules, (including a better referer-based 
> deflector, almost all the way to the bottom of the page):
> http://httpd.apache.org/docs/1.3/misc/rewriteguide.html
> 
> Hope this helps.
> 
> Charlie
> 
> Borries Demeler wrote:
> > We have a problem with a domain name. 
> > 
> > Here is an example:
> > 
> > Let's say we have a domain called domain-a.com
> > Now someone else created a new domain called domain-b.com. It has been
> > set up to forward to our domain-a.com. However, all URL's that would
> > normally show up under domain-a.com, are now always showing up
> > as domain-b.com.
> > 
> > Example: if I click on the link for myfile.html on the domain-a.com
> > website, I get a URL that shows up as http://domain-a.com/myfile.html,
> > if I go to https://domain-a.com/login.php, I see exactly this URL in
> > the URL bar.
> > 
> > However, when I come in through domain-b.com, and click on the link
> > for myfile.html, I get http://domain-b.com in the URL, nothing else, 
> > and myfile.html never shows in the URL tab.
> > Ditto for the secure login link. Even though it goes through the https
> > link, this is hidden from the user, and the URL still shows "http://domain-b.com".
> > 
> > Question: short of contacting the domain provider, is there a way that I
> > can:
> > 
> > 1. block any referrals to my website, domain-a.com, from domain-b.com?
> > 
> > or:
> > 
> > 2. force any referrals to my website from domain-b.com to be rewritten
> > in the URL tab to be domain-a.com/whatever.html, incl. the secure login
> > link? The owner of domain-b.com is hostile to us, and so we don't
> > want to have to deal with him.
> > 
> > We have tried a few options, but so far no cigar. We need a solution quick!
> > 
> > Thanks for any help, -b.
> -- 
> _______________________________________________
> SATLUG mailing list
> SATLUG at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug to unsubscribe
> Powered by Rackspace (www.rackspace.com)
> 



More information about the SATLUG mailing list