After a little playing around, I have come up with this bit of code that you can stick in your httpd.conf file for protecting yourself from people linking to avatars and attachments from other servers.
Unfortunately, it requires both PHP as an Apache module, and mod_rewrite compiled in. However, it will save any calls to those PHP scripts, so very little processor overhead.
The best way to demonstrate it is with an example for this server:
You will have to change the path (within the directory tag) and also the URLs that you want to allow - this particular setup will allow vbforums.com www.vbforums.com or the IP address 161.58.186.97 .
It is turned on here, so please feel free to test it out.
John
Unfortunately, it requires both PHP as an Apache module, and mod_rewrite compiled in. However, it will save any calls to those PHP scripts, so very little processor overhead.
The best way to demonstrate it is with an example for this server:
Code:
<directory /www/sites/vbforums.com/htdocs> <files avatar.php> RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://vbforums.com [NC] RewriteCond %{HTTP_REFERER} !^http://www.vbforums.com [NC] RewriteCond %{HTTP_REFERER} !^http://161\.58\.186\.97 [NC] RewriteRule avatar.php [F] </files> <files attachment.php> RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://vbforums.com [NC] RewriteCond %{HTTP_REFERER} !^http://www.vbforums.com [NC] RewriteCond %{HTTP_REFERER} !^http://161\.58\.186\.97 [NC] RewriteRule attachment.php [F] </files> </directory>
It is turned on here, so please feel free to test it out.
John
Comment