Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache and referrers |
|
| Author |
|
Wade Levene
Joined: 01 Apr 2008
Posts: 1
|
 Posted: Tue 01 Apr '08 16:02 Post subject: Apache and referrers |
 |
|
Hello,
I am trying to configure my Apache server to drop external referrers from all HTTP requests to my domain. As an example, my website is SiteA.com. If a visitor comes with a referrer from SiteB.com, Is there any way to drop the referrer so it doesn't get passed along to my site and its scripts?
Thanks. |
|
| Back to top |
|
tdonovan
Moderator
Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA
|
| Posted: Tue 01 Apr '08 23:01 Post subject: |
|
|
You could set an Apache environment variable if the Referer host is "{something.something.}SiteA.com", and delete the Referer header if this environment variable is not set.
Come to think of it, you might also want to add "localhost" and "127.0.0.1" to the list of allowed referer sites.
For example:
| Code: | LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
...
SetEnvIf Referer "^https?://(\w+\.)*SiteA\.com[:/]" mySite
SetEnvIf Referer "^https?://localhost[:/]" mySite
SetEnvIf Referer "^https?://127\.0\.0\.1[:/]" mySite
RequestHeader unset Referer env=!mySite |
Note that the regex:* handles both "http:" and "https:"
* allows any number of "word." prefixes to "SiteA.com", e.g. "www.SiteA.com"
* will recognize either "SiteA.com/" or "SiteA.com:80/" style URLs
Hope this helps...
-tom- |
|
| Back to top |
|
|
|
|
|
|
