[22227] in bugtraq
RE: Are your mod_rewrite rules doing what you expect?
daemon@ATHENA.MIT.EDU (Riddoch, John ESITI-ISEP-3)
Mon Aug 13 11:04:54 2001
Message-ID: <C19D2288420DD31197B50008C70D8DC30221AE5B@abes9999.is.shell.co.uk>
From: "Riddoch, John ESITI-ISEP-3" <John.E.Riddoch@is.shell.com>
To: bugtraq@securityfocus.com
Date: Mon, 13 Aug 2001 17:00:17 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
> This can be fixed by modifying your ReWriteRule directives to
> reflect this
> behavior:
>
> RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com$
> RewriteRule ^/*images/.* - [G]
>
> Which will match multiple occurences of "/" in the path of
> the HTTP request.
It will for the case of http://www.yoursite.com//images/file.gif but not for
http://www.yoursite.com/images//file.gif (which would have the same result).
Based on your syntax above, the second line should be:
RewriteRule ^/*images/*.* - [G]
