Greenguy's Board


Old 2005-03-28, 11:55 AM   #1
raymor
Quote:
Originally Posted by swedguy
Raymor, the one sparky posted will go through.

Who is sparky? The one bad one I see is what Cleo posted,
which includes a bunch of meaningless BS that does nothing.
For example, look at the last couple of atoms of this line:

RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]

The last bit says "anything, then the end of the string".
Well that's pointless, if anything and everything is allowed
all the way to the end all that crap should be left off.
Also that ruleset is quite repetitive, making it terribly inefficient.
Instead the rules should be combined. For example, these two:
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]

One allows it with a "www" "subdomain", the other allows it without.
They should be combined into one rule that allows it with or without:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]

As mentioned before, other subdomains besides www are also possible,
so rather than just "www." we allow letters, numbers, and dots:
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9]+\.)*yourdomain.com/.*$ [NC]

As mentioned above, the "allow anything at all after the domain name"
part is pointless, as it matches anywhere in the target string,
so we get rid of that:
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9]+\.)*yourdomain.com/ [NC]

The only thing left is that there may or may not be a slash,
and only if there is a slash can you have anything else.
This is to avoid allowing http://yourdomain.com.hacker.com
or:
http://yourdomain.comedyhack.com
"Allow only if" requires a bit that looks a little complex:
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9]+\.)*yourdomain.com(/.*)?$ [NC]

BTW, when deciding who to listen to on this stuff, whether to
follow the advice of someone who "found something" which "seems to work"
or of someone else who seems to actually know what this stuff means,
take a look at the Contributors file for mod_rewrite and see which
of the people posting in this thread helped write the part of Apache that we're dealing with.
__________________
Ray Morris
support@bettercgi.com
Strongbox/Throttlebox & more
TXDPS #A14012
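
An added example, not part of raymor's post or of mod_rewrite: a small Python check of why the rule has to end in (/.*)?$ rather than stop at the domain name, run against constructed Referer values. The two patterns are modelled on the post's final rule; the escaped dots, multi-character subdomain labels and helper names are assumptions of this example, and Python's re module stands in for Apache's regex engine.

```python
import re

# Constructed patterns modelled on the rule built up in the post. Escaping the
# dots and allowing multi-character labels are assumptions of this example.
HOST = r"^http://([a-z0-9]+\.)*yourdomain\.com"

# Stops at the domain name: nothing pins where the host ends.
PREFIX_ONLY = re.compile(HOST, re.IGNORECASE)            # IGNORECASE plays the role of [NC]
# Optional "/anything", then end of string, as in the post's last rule.
ANCHORED = re.compile(HOST + r"(/.*)?$", re.IGNORECASE)

# Constructed Referer values paired with the verdict we want.
# True = request came from our own site, False = some other host.
REFERERS = [
    ("http://yourdomain.com", True),
    ("http://yourdomain.com/", True),
    ("http://WWW.yourdomain.com/gallery/index.html", True),
    ("http://img.cdn2.yourdomain.com/a.jpg", True),
    ("http://yourdomain.com.hacker.com/", False),           # lookalike from the post
    ("http://yourdomain.comedyhack.com/page.html", False),  # lookalike from the post
    ("http://notyourdomain.com/", False),
]


def is_allowed(pattern, referer):
    """True when the referer matches, i.e. the negated RewriteCond does not fire."""
    return pattern.search(referer) is not None


def misjudged(pattern):
    """Referers whose verdict under `pattern` differs from the expected one."""
    return [ref for ref, expected in REFERERS
            if is_allowed(pattern, ref) != expected]


if __name__ == "__main__":
    for name, pattern in (("prefix only", PREFIX_ONLY), ("anchored", ANCHORED)):
        print(f"--- {name} ---")
        for ref, expected in REFERERS:
            verdict = "allow" if is_allowed(pattern, ref) else "block"
            flag = "" if is_allowed(pattern, ref) == expected else "   <-- wrong"
            print(f"{verdict:5}  {ref}{flag}")
```
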
Old 2005-03-28, 12:45 PM   #2
cd34
a.k.a. Sparky
 
Quote:
Originally Posted by raymor
Who is sparky?

me, but not by choice. |gabbo| renamed me and a general vote assigned the name. I'm in denial and protest.

Quote:
Originally Posted by raymor
Also that ruleset is quite repetitive, making it terribly inefficient.
Instead the rules should be combined. For example, these two:
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]

You might try benchmarking the regexp engine & the fallthrough matches sometime. You may be pleasantly surprised. I do agree with you regarding the trailing match, but, I disagree with your assessment that the regexp engine is a high performance solution that cannot be aided.
__________________
SnapReplay.com a different way to share photos - iPhone & Android
Old 2005-03-28, 12:59 PM   #3
raymor
Quote:
Originally Posted by cd34
me, but not by choice. |gabbo| renamed me and a general vote assigned the name. I'm in denial and protest.



You might try benchmarking the regexp engine & the fallthrough matches sometime. You may be pleasantly surprised. I do agree with you regarding the trailing match, but, I disagree with your assessment that the regexp engine is a high performance solution that cannot be aided.

I do benchmark my code, including my work on mod_rewrite,
before releasing it publicly. Perhaps you should benchmark it
before you presume to tell me how my own software works.
Indeed, simply parsing the extra line in the .htaccess uses more
cycles before it even compiles the regex and starts looking for a match.

The directives are read from .htaccess line by line, which means
that each character is checked to see if it's a newline.
It takes an extra 50 character comparisons just to read the line,
even before it's recognized as a condition at all.
On the other hand the regex engine must make only 2 comparisons
to see whether the next character is a "w" or a "y".
Indeed once your extra regex is compiled it's on the order of 2,000 times slower.
All times are GMT -4.