[geeks] Apache rewrite-fu sought

Michael Parson mparson at bl.org
Wed Jun 20 15:39:10 CDT 2007


On Wed, Jun 20, 2007 at 04:35:31PM -0400, Phil Stracchino wrote:
> I have a problem user who has been trying to use his account here as a
> quite widely-published music server (and not only that, for copyrighted
> Warner Bros themes).  Aside from the potential liability, he's been
> sucking up huge chunks of my outgoing bandwidth.  I've slapped his hand
> and told him to sin no more, and chmod'd all the offending files 000,
> but I'm seeking to guard against further abuse.  Once I get it working
> in the first place, I'll add a condition to block by MIME types, but for
> the moment I'm just filename matching.
> 
> Here's a sample request:
> 
> hobbs.pgcps.org - - [19/Jun/2007:13:59:15 -0400] "GET
> /sirpuppy/gummibears.mp3 HTTP/1.1" 200 283888
> "http://www.profilelist.net/mc/mp3player.swf?config=http://www.profilelist.net/mc/config/config_green.xml&mywidth=435&myheight=270&file=http:"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
> 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)"
> 
> 
> I have the following quite simple interim rule to match it:
> 
> RewriteEngine on
> RewriteCond %{REQUEST_URI} ^.*sirpuppy.*mp3$ [NC]
> RewriteRule .* - [L,F]
> 
> this is about the umpteenth revision of the rule, which ...  still
> doesn't work.
> 
> Can anyone suggest why?

I had a similar problem with people on the net linking to images on my server w/o 
permission:

# prevent hotlinking/deeplinking
#
# From:
# http://kim.biyn.com/Linux/how_to_prevent_hotlinking_images_on_apache_server_using_mod_rewrite

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?bl.org/.*$ [NC]
RewriteRule \.(gif|jpe?g|png|bmp|ico)$ - [F]

-- 
Michael Parson
mparson at bl.org



More information about the geeks mailing list