Tim wrote:
>Next I'm working on mod_rewrite-like referrer checking that will issue
>a 403 error if the referrer isn't the same as the host domain (or empty).
^^^^^^^^
(from Re: Automatic vhosts, based on directories)
> You still allow for referrers that are empty (which is what happens
^^^^^ ^^^^^
> when paranoid people turn off referrers or a proxy server blocks them).
could you please check those two statements of yours?
when i read the first one i was going to ask you about it, but in
the other thread it seems you perfectly understand the issue there.
Thorben Thuermer
(one of the paranoid, who set up his proxy to filter referrers and
still had to hack his browser to send fake ones)
