PHWinfo - Afficher un message

20/03/2005, 07h10

Unattributed authors wrote:

>>> In .htaccess, we can use
>>> SetEnvIfNoCase Referer "^http://mywebsite\.com/" local_ref=1
>>> But how can we specify *.mywebsite.com? For example,
>>> content.mywebsite.com
>>> web.mywebsite.com
>>> pub.mywebsite.com
>>> company.mywebsite.com

Tim <tim@mail.localhost.invalid>

>> The dot is a wildcard in regex expressions, itself. You don't need the
>> asterisk for that sort of thing.

licheng <lichengNoSpam@pchome.com.tw> posted:

> So the correct syntax is ...?

Regex ain't my forte, but I think the answer might be to use .* where you'd
use * as a DOS type of wildcard. (Dot being a wildcard for a single
character where the dot is, * being a ***quantifier*** for 0 or more of the
preceeding.)

e.g. SetEnvIfNoCase Referer ".*mywebsite\.com.*" local_ref=1

Though why still persist with starting with http://, instead of just
looking for mywebsite.com by itself? i.e.

> SetEnvIfNoCase Referer "^http://.mywebsite\.com/" local_ref=1
> SetEnvIfNoCase Referer "^http://.\.mywebsite\.com/" local_ref=1

Precluding the ^ [start with] "http://" preamble, and not insisting on a
trailing slash after the domain, might simplify things.

Looking at the mod_rewrite page of the Apache documents, you might be able
to do something like this: "^http://www|web|pub|company\.mywebsite.\com"
if you wanted more specific matching.

Just off the top of my head, I can't think of a simple way to test wildcard
referrer rules without having access to several domain names to throw at my
webserver. So this is all just theoretical.

NB: I do hope you realise that if you insist browsers have your site as
their referer that it's going to harm some people's use of it. The initial
visit to the site won't have that in the referrer, and only some clients
will provide a referrer as they browse around. And some privacy zealots
will include fake referrer data rather than leave it blank.

--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.

This message was sent without a virus, please delete some files yourself.

20/03/2005, 07h10	#4
Tim Messages: n/a Hébergeur:	Re: Possible to use wildcard in.htaccess? Unattributed authors wrote: >>> In .htaccess, we can use >>> SetEnvIfNoCase Referer "^http://mywebsite\.com/" local_ref=1 >>> But how can we specify .mywebsite.com? For example, >>> content.mywebsite.com >>> web.mywebsite.com >>> pub.mywebsite.com >>> company.mywebsite.com Tim <tim@mail.localhost.invalid> >> The dot is a wildcard in regex expressions, itself. You don't need the >> asterisk for that sort of thing. licheng <lichengNoSpam@pchome.com.tw> posted: > So the correct syntax is ...? Regex ain't my forte, but I think the answer might be to use . where you'd use * as a DOS type of wildcard. (Dot being a wildcard for a single character where the dot is, * being a *quantifier* for 0 or more of the preceeding.) e.g. SetEnvIfNoCase Referer ".mywebsite\.com." local_ref=1 Though why still persist with starting with http://, instead of just looking for mywebsite.com by itself? i.e. > SetEnvIfNoCase Referer "^http://.mywebsite\.com/" local_ref=1 > SetEnvIfNoCase Referer "^http://.\.mywebsite\.com/" local_ref=1 Precluding the ^ [start with] "http://" preamble, and not insisting on a trailing slash after the domain, might simplify things. Looking at the mod_rewrite page of the Apache documents, you might be able to do something like this: "^http://www\|web\|pub\|company\.mywebsite.\com" if you wanted more specific matching. Just off the top of my head, I can't think of a simple way to test wildcard referrer rules without having access to several domain names to throw at my webserver. So this is all just theoretical. NB: I do hope you realise that if you insist browsers have your site as their referer that it's going to harm some people's use of it. The initial visit to the site won't have that in the referrer, and only some clients will provide a referrer as they browse around. And some privacy zealots will include fake referrer data rather than leave it blank. -- If you insist on e-mailing me, use the reply-to address (it's real but temporary). But please reply to the group, like you're supposed to. This message was sent without a virus, please delete some files yourself.