WebApp Sec mailing list archives

RE: rewrite rule for apache


From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Wed, 6 Sep 2006 09:29:30 -0500


-----Original Message-----
From: bituman [mailto:bituman () enerla net] 

I want to protect a directory, better to say its contents,
from people downloading it,
if they are not coming from a specified page.
Now, I understand that the following code redirects
*vicodin.* to a standard error page.

This shouldn't be thought of as a "protection", but more
like a search engine interference, or anti-leeching mechanism.
Since there are a myriad of ways someone could forge
the REFERER field of the HTTP Header...
 
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)vicodin(-|.).*$ [NC,OR]
< ...lots of other rules go here...>
RewriteRule .* - [F,L]

What rewrite rules should I use if I want users from
index.php?option=login to access the content and everyone
else to be redirected to the standard error page?
Is it even possible to use GET-style params in the referer field?

Yeah, it's just a regex. You can Google TONS of docs on
this pretty quickly. Here's an example (I haven't tested,
YMMV) if you wanted to verify the REFERER field for a URL
param and then, lacking that param, rewrite the request URI
based upon conditions like file extension (brackets commented):

<IfModule mod_rewrite.c>
        RewriteEngine on
        # Only act when a Referer header is present at all
        RewriteCond %{HTTP_REFERER} !^$
        # ...and it is not the login page (any host) carrying the expected param
        RewriteCond %{HTTP_REFERER} !^https?://(www\.)?[^/]+/index\.php\?option=login [NC]
        # Never rewrite the placeholder image itself, or the redirect loops
        RewriteCond %{REQUEST_URI} !^/images/avatar/leech\.gif [NC]
        # Redirect image-type requests that failed the checks above
        RewriteRule \.(gif|jpg|jpeg|png|bmp|swf)$ http://www.anachronic.com/images/avatar/leech.gif [R,NC,L]
</IfModule>

1. Turns on
2. Catches blank referer
3. Catches your URL param
4. Ignores custom error URI
5. Rewrites URI based upon specific content (extensions) requested

You could also add frame-busting code here, or many other
things, all of which you should find pretty quickly with
our friend Google.

Arian J. Evans
Software Security Person
+1.913.378.3571 [mobile]

"See? That was nothing. But that's how it
always begins. Very small." -Egg Shen
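As an added illustration (not code from the thread), a small Python model of the condition chain in the config above, with the Referer values and paths constructed; it shows which requests the chain lets through and why the leech-image exclusion must name the exact path the redirect lands on.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed model of the mod_rewrite chain discussed above: every
# RewriteCond must hold (they are ANDed) before the RewriteRule fires.
LOGIN_REFERER = re.compile(r"^https?://(www\.)?[^/]+/index\.php\?option=login", re.I)
PROTECTED_EXT = re.compile(r"\.(gif|jpg|jpeg|png|bmp|swf)$", re.I)
LEECH_URL = "http://www.anachronic.com/images/avatar/leech.gif"
# Exclusion naming the same path the redirect lands on (correct).
GOOD_EXCLUSION = re.compile(r"^/images/avatar/leech\.gif", re.I)
# Exclusion naming a different path than the target (a common mistake).
BAD_EXCLUSION = re.compile(r"^/avatar/leech\.gif", re.I)


@dataclass
class Request:
    uri: str            # %{REQUEST_URI}
    referer: str = ""   # %{HTTP_REFERER}; "" models a missing header


def rewrite_target(req: Request, exclusion=GOOD_EXCLUSION) -> Optional[str]:
    """Return the redirect target if the rule fires, or None to serve as-is."""
    if req.referer == "":                  # RewriteCond %{HTTP_REFERER} !^$
        return None                        # a blank Referer is let through
    if LOGIN_REFERER.search(req.referer):  # RewriteCond ... !^https?://.../index.php?option=login
        return None                        # any client sending this header passes: not access control
    if exclusion.search(req.uri):          # RewriteCond %{REQUEST_URI} !^/.../leech.gif
        return None                        # never rewrite the placeholder itself
    if PROTECTED_EXT.search(req.uri):      # RewriteRule \.(gif|jpg|...)$ ... [R]
        return LEECH_URL
    return None


def redirect_chain(req: Request, exclusion=GOOD_EXCLUSION, max_hops=5) -> List[str]:
    """Follow the redirect as a browser would (Referer kept). Reaching max_hops
    means the rule keeps matching its own target: a redirect loop."""
    hops: List[str] = []
    cur = req
    while len(hops) < max_hops:
        target = rewrite_target(cur, exclusion)
        if target is None:
            break
        hops.append(target)
        cur = Request(uri=urlparse(target).path, referer=cur.referer)
    return hops
```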



