On 03.06.2014 21:05, Brad Harris wrote:
Design error, because, the Referer is fakeable and makes the logon page not neccessary ...I've been trying to configure a website to send a 403 forbidden error unless the user comes from a specific website/domain, which is a logon page hosted on another server.
RewriteEngine On
# this is the domain hosting the login page
RewriteCond %{HTTP_REFERER} !logon_domain.com [NC]
# this is the domain hosting the WordPress site
RewriteCond %{HTTP_REFERER} !wordpress_site.com [NC]
RewriteRule .* - [F]
ErrorDocument 403 http://logon_domain.com/Login.aspx
The last line of my rewrite error log:
forcing responsecode 403 for /var/www/html/...
the match strings are wrong, should be !^http://....$ Walter
smime.p7s
Description: S/MIME Cryptographic Signature
