>>>>> "bobmin" == bobmin <[EMAIL PROTECTED]> writes:
bobmin> Now I'm faced with an issue of an outright copyright
bobmin> violation where someone has basically copied all 500+ pages of
bobmin> our site. Unfortunately the odds of being able to prosecute
bobmin> the violators are slim as the country they are in rarely pays
bobmin> attention to western copyright laws. So what I need to do is
bobmin> somehow fix this lockout routine so that this bogus website
bobmin> cannot remotely execute our script. It's got to be something
bobmin> that they cannot lift from the html code. Is there some
bobmin> variable in the environment that is ALWAYS returned that I can
bobmin> test for? I don't want to lock out the people whose system
bobmin> doesn't provide a referer just because of one bad apple.

Even if you did lock out all non-referers, it's trivial to write a
script to provide the proper referer. I've done it a few times,
even in one of my columns, so the word is out there.

Referer is just a hint. Log it for approximate data, but NEVER NEVER
NEVER use it for authentication or authorization, as you have
discovered. It can be absent, wrong, or just plain forged trivially.

You can block an IP range or domain name from any access to your site
using the webserver's restrictions. Go read. :)

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
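
An added example, not part of the original message: a small Python sketch of a CGI-style gate that contrasts a Referer-based lockout with a decision made on the connection's address, while still logging Referer as a hint. The site URL, the address ranges (documentation-only ranges) and all function names are constructed for illustration; in practice the same rule would normally live in the web server's own access configuration, as the reply suggests.

```python
import ipaddress

# Constructed values: documentation-only address ranges and a placeholder site URL.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:bad::/48"),
]
OUR_SITE = "http://www.example.com/"


def referer_gate(environ):
    """Fragile lockout: trusts HTTP_REFERER, a header the client chooses."""
    return environ.get("HTTP_REFERER", "").startswith(OUR_SITE)


def address_gate(environ):
    """Decide on REMOTE_ADDR, which the server fills in from the connection."""
    try:
        client = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False  # no usable peer address: fail closed
    return not any(client in net for net in BLOCKED_NETWORKS)


def handle(environ):
    """Return (allowed, log_line); Referer is logged as a hint, never checked."""
    allowed = address_gate(environ)
    # repr() escapes CR/LF so a crafted header cannot forge extra log lines.
    hint = repr(environ.get("HTTP_REFERER", "-"))
    verdict = "ALLOW" if allowed else "DENY"
    return allowed, f"{verdict} addr={environ.get('REMOTE_ADDR', '-')} referer_hint={hint}"


# Constructed CGI environments (not captured traffic).
SAMPLES = {
    "no_referer_ok_addr": {"REMOTE_ADDR": "198.51.100.7"},
    "claimed_referer_blocked_addr": {
        "REMOTE_ADDR": "203.0.113.45",
        "HTTP_REFERER": OUR_SITE + "form.html",
    },
    "referer_ok_addr": {
        "REMOTE_ADDR": "192.0.2.10",
        "HTTP_REFERER": OUR_SITE + "index.html",
    },
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(f"{name:30} referer_gate={referer_gate(env)!s:5} {handle(env)[1]}")
```

The first sample is the visitor the Referer check wrongly locks out, and the second is the request it wrongly lets in. Behind a reverse proxy, REMOTE_ADDR is the proxy's address, and forwarded-address headers are as client-controlled as Referer unless a trusted proxy sets them.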