From: Jeff Workman (jworkmanpimpworks.org)
Date: Sun Aug 12 2001 - 20:46:26 CDT


    My apologies if this has been discussed in the past.

    A lot of sites do not wish for their images, or other content, to be linked
    to from outside of their site. If they use Apache and the mod_rewrite
    module, they usually have a directive, or several directives, in their
    httpd.conf like:

    RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com.*$
    RewriteRule ^/images/.* - [G]

    I have found that it is possible to circumvent the above rule by
    constructing your link like:

    http://www.yoursite.com//images/image.jpg

    The web browser will then make an HTTP request like "GET
    //images/image.jpg HTTP/1.0", which does not match this rewrite rule, but
    is still valid.

    This does not appear to be a bug with mod_rewrite or even Apache proper,
    but it looks like it's inherited from either the filesystem driver, or
    perhaps your operating system's libc, which, at least on UNIX systems that
    I am familiar with, handles multiple occurrences of "/" in a pathname as
    though it were a single "/".

    This can be fixed by modifying your RewriteRule directives to reflect this
    behavior:

    RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com.*$
    RewriteRule ^/*images/.* - [G]

    Which will match multiple occurrences of "/" in the path of the HTTP request.

    Jeff
    www.pimpworks.org

    --
    "...and the burnt fool's bandaged finger goes wobbling back to the
    fire." -Joe Zeff in the SDM.
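
A regression check for the two rule sets in the message above, as an added example that is not part of the original post. It assumes Python's `re` behaves like mod_rewrite's regex engine for these patterns and that the filesystem treats runs of "/" as one; the sample requests and the `other.example` host are constructed.

```python
import re

# Patterns copied from the post; Python's re stands in for mod_rewrite (assumption).
REFERER_OK = r"^http://www\.yoursite\.com.*$"
ORIGINAL_RULE = r"^/images/.*"
FIXED_RULE = r"^/*images/.*"


def collapse_slashes(path):
    """Path the filesystem ends up opening: runs of '/' act as a single '/'."""
    return re.sub(r"/{2,}", "/", path)


def is_foreign(referer):
    """RewriteCond with '!': true when the Referer is not one of our own pages."""
    return re.search(REFERER_OK, referer or "") is None


def is_gone(rule, path, referer):
    """True when RewriteCond and RewriteRule both match, i.e. [G] answers 410."""
    return is_foreign(referer) and re.search(rule, path) is not None


def audit(rule, requests):
    """Return requests that reach a file under /images/ with a foreign Referer
    and are not stopped by the given RewriteRule pattern."""
    leaks = []
    for path, referer in requests:
        protected = collapse_slashes(path).startswith("/images/")
        if protected and is_foreign(referer) and not is_gone(rule, path, referer):
            leaks.append((path, referer))
    return leaks


# Constructed sample requests: (request path, Referer header)
SAMPLE = [
    ("/images/image.jpg", "http://www.yoursite.com/index.html"),  # own page
    ("/images/image.jpg", "http://other.example/page.html"),      # plain hotlink
    ("//images/image.jpg", "http://other.example/page.html"),     # doubled slash
    ("///images/image.jpg", "http://other.example/page.html"),    # tripled slash
    ("/index.html", "http://other.example/page.html"),            # not protected
]

if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL_RULE), ("fixed", FIXED_RULE)):
        print(name, "rule leaks:", audit(rule, SAMPLE))
```

The same `audit` call can be pointed at (path, Referer) pairs pulled from an access log to see whether a deployed pattern is already being bypassed this way.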