Forum
ImageReferer
marco
19 July 2013, 17:10
Hiawatha version: 9.2
Operating System: Linux X64
Version 9.1 got rid of ImageReferer, why?
What is the alternative solution to replace that behavior?
How would the re-write rule look?
Operating System: Linux X64
Version 9.1 got rid of ImageReferer, why?
What is the alternative solution to replace that behavior?
How would the re-write rule look?
Hugo Leisink
19 July 2013, 20:05
The reason for removal is because the Header option of the UrlToolkit can do the same.
Header Referer !.*www.yourdomain.com/.* Redirect http://www.yourdomain.com/dont_steal_bandwidth.jpg
marco
19 July 2013, 21:21
Yes, that is true, but it now binds a UrlToolKit to a given specific domain name.
Before, I was able to use generic wildcards in my URLtookit
and the only reference to a specific DNS was in the Virtual Host area.
Now I need to have my UseToolkit reference a different toolkit and only change them based on Header DNS refererence, thus causing me to maintain more UrlToolkit structures.
Any ideas on how to make the Header Referer DNS generic and not force me to write a URL toolkit for each different DNS that I want to allow
Before, I was able to use generic wildcards in my URLtookit
and the only reference to a specific DNS was in the Virtual Host area.
Now I need to have my UseToolkit reference a different toolkit and only change them based on Header DNS refererence, thus causing me to maintain more UrlToolkit structures.
Any ideas on how to make the Header Referer DNS generic and not force me to write a URL toolkit for each different DNS that I want to allow
marco
19 July 2013, 21:48
Header Referer !.*www.yourdomain.com/.* Redirect http://www.yourdomain.com/dont_steal_bandwidth.jpg
This line does not pass the startup script and issues an error, this not allowing the daemon to start up.
This line does not pass the startup script and issues an error, this not allowing the daemon to start up.
marco
27 July 2013, 21:49
Hugo, any chance you could re-state that Header Referer line above? it does not pass the startup script test and triggers an error so hiawatha will not start.
Header Referer !.*www.yourdomain.com/.* Redirect http://www.yourdomain.com/dont_steal_bandwidth.jpg
Thanks,
marco
Header Referer !.*www.yourdomain.com/.* Redirect http://www.yourdomain.com/dont_steal_bandwidth.jpg
Thanks,
marco
marco
27 July 2013, 21:51
I was hoping to also have a line that just blocked everything from a domain, not just www. *.anydomain.com
Header Referer !.*.yourdomain.com/.* Redirect http://www.yourdomain.com/image/empty.gif
Header Referer !.*.yourdomain.com/.* Redirect http://www.yourdomain.com/image/empty.gif
Hugo Leisink
27 July 2013, 22:43
I forgot. The ! is not allowed when using Rewrite or Redirect. Will fix it in the next release. Until then:
Header Referer .*\.anydomain.com/.* Return
Match .* Redirect http://www.yourdomain.com/dont_steal_bandwidth.jpg
marco
28 July 2013, 03:48
Where is the source code file for this logic located? I want to peek around a little.
Unless you are going to have a release soon, I may want to fix this sooner.
Unless you are going to have a release soon, I may want to fix this sooner.
Hugo Leisink
28 July 2013, 07:57
The code can be found in src/toolkit.c. This is the patch for the changes I've made so far:
187,190d186
< if (new_rule->neg_match) {
< return false;
< }
<
327,330d322
< if (new_rule->neg_match) {
< return false;
< }
<
346,349d337
< if (new_rule->neg_match) {
< return false;
< }
<
669c657
< if (regexec(&(rule->pattern), header, 0, NULL, 0) == 0) {
---
> if (regexec(&(rule->pattern), header, REGEXEC_NMATCH, pmatch, 0) == 0) {
739c727,731
< if (do_rewrite(url, &(rule->pattern), pmatch, rule->parameter, &(options->new_url), rule->match_loop) == -1) {
---
> if (rule->neg_match) {
> if ((options->new_url = strdup(rule->parameter)) == NULL) {
> return UT_ERROR;
> }
> } else if (do_rewrite(url, &(rule->pattern), pmatch, rule->parameter, &(options->new_url), rule->match_loop) == -1) {
803c795,799
< if (do_rewrite(url, &(rule->pattern), pmatch, rule->parameter, &(options->new_url), rule->match_loop) == -1) {
---
> if (rule->neg_match) {
> if ((options->new_url = strdup(rule->parameter)) == NULL) {
> return UT_ERROR;
> }
> } else if (do_rewrite(url, &(rule->pattern), pmatch, rule->parameter, &(options->new_url), rule->match_loop) == -1) {
marco
28 July 2013, 16:04
Ok, Here is my current configuration file. Does this jib with your understanding
after applying the patch you supplied above?
Do you feel this fully replaces ImageReferer from before?
Or do you see any holes/weaknesses in this configuration.
after applying the patch you supplied above?
Do you feel this fully replaces ImageReferer from before?
Or do you see any holes/weaknesses in this configuration.
UrlToolkit {
ToolkitID = devredir
Match \.(css|js|jpg|jpeg|png|gif|bmp|jar|svg|pdf|zip|swf|apk) Redirect http://www.dev.org/empty.gif
Match \.(css|js|jpg|jpeg|png|gif|bmp|jar|svg|pdf|zip|swf|apk)\? Redirect http://www.dev.org/empty.gif
}
UrlToolkit {
ToolkitID = rpzdev
#Cache the image files for 5 years
Match \.(jpg|jpeg|png|gif|bmp|svg) Expire 60 months
Match \.(jpg|jpeg|png|gif|bmp|svg)\? Expire 60 months
#Any foreign referers, check to see if they want an image
Header referer !.*.dev.org/.* Call devredir
#/image/logo/ndlogo.png
Match \.(css|js|jpg|jpeg|png|gif|bmp|jar|svg|pdf|zip|swf|apk) Return
#/image/logo/ndlogo.png?psv=3%
Match \.(css|js|jpg|jpeg|png|gif|bmp|jar|svg|pdf|zip|swf|apk)\? Return
#RequestURI isfile Return
#Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
#All the usual GET traffic is handled with the following line
Match .*\?(.*) Rewrite /index.java?url=$1
#Prevent 405 Not Allowed POST calls with below entry
Match .* Rewrite /index.java
}
Hugo Leisink
28 July 2013, 20:40
Change !.*.dev.org/.* to !.*\.dev\.org/.* and it should be fine.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
