The hash method Denis suggested can be automated to accommodate the creation and decoding of a hash value for any URL, if your URL list changes often.
If the URLs don't change often, there are multiple possible methods:

1) Array method
Make a PHP array containing the complete list of URLs to allow (or store the list in a disk file where they're easy to maintain). Compare the incoming query string URL against the list. If it's not in the list, generate a 403 Forbidden error and quit.

2) Switch method
Use a switch statement. Create a case for each legal URL. The default case, for illegal URLs, can generate a 403 Forbidden error and quit.

3) .htaccess method (provides additional security)
If all the legal URLs are on your site, any URL containing http:// that isn't followed by your domain name is illegal. Create a RewriteRule that gives a 403 error for any incoming request that contains the string http followed by any domain name other than yours. This method can also replace the array and switch methods: modify your RewriteRule (in the RewriteConds) so that each URL to allow is allowed, but anything else is rejected with a 403.

On Nov 20, 10:46 am, truffula <[EMAIL PROTECTED]> wrote:
> I'm not sure I understand this - obviously I'm not really up to speed
> on my coding or I wouldn't have got myself into this mess in the first
> place!
> I don't want to take up too much of your time but could you point me
> in the direction of some resources for finding out more about the
> technique you describe.
>
> Also - I don't know if this would work, but since all my links are
> actually on my site - would a script that checks the referring page
> work - if it was not my domain - the redirect would fail - is this a
> good idea or is there some vulnerability to this that the malmongers
> could exploit?
>
> Thanks!
>
> On Nov 19, 12:47 pm, UseShots <[EMAIL PROTECTED]> wrote:
>
> > You might want to add some hash parameter, and then match the hash of
> > the URL with the passed hash. Make sure to add some "salt" when
> > generating hashes, so that hackers can't generate the hashes
> > themselves.
> >
> > Denis
> > http://www.UnmaskParasites.com
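
The hash method and the array method from this thread, combined in one redirect script, as an added example that is not code from any of the posters. It uses HMAC-SHA256 as the salted hash; the names REDIRECT_SECRET, ALLOWED_URLS, go.php, sign_url, build_link and verify_redirect, and the sample URLs, are assumptions made for the illustration.

```php
<?php
// Added illustration; all names below (REDIRECT_SECRET, ALLOWED_URLS, go.php,
// sign_url, build_link, verify_redirect) are assumptions, not from the thread.

// Server-side secret (the "salt"): long, random, never sent to the browser.
const REDIRECT_SECRET = 'replace-with-a-long-random-value';

// Array method: fixed allowlist for URLs that rarely change (constructed samples).
const ALLOWED_URLS = [
    'https://www.example.com/partners/',
    'https://www.example.com/downloads/report.pdf',
];

// Hash method: keyed hash of the URL, computed when the page emits the link.
function sign_url(string $url): string
{
    return hash_hmac('sha256', $url, REDIRECT_SECRET);
}

function build_link(string $url): string
{
    return 'go.php?' . http_build_query(['url' => $url, 'h' => sign_url($url)]);
}

// Returns the redirect target if it is allowlisted or correctly signed, else null.
function verify_redirect(array $query): ?string
{
    $url = $query['url'] ?? null;
    $hash = $query['h'] ?? '';
    if (!is_string($url) || !is_string($hash)) {
        return null; // rejects array-valued parameters such as url[]=...
    }
    if (in_array($url, ALLOWED_URLS, true)) {
        return $url;
    }
    // hash_equals compares in constant time, so the hash cannot be guessed byte by byte.
    return hash_equals(sign_url($url), $hash) ? $url : null;
}

if (PHP_SAPI !== 'cli') {                       // running as go.php under the web server
    $target = verify_redirect($_GET);
    if ($target === null) {
        http_response_code(403);
        exit('Forbidden');
    }
    header('Location: ' . $target, true, 302);
    exit;
}
// Command-line check with constructed input: a signed link, then a tampered one.
parse_str(parse_url(build_link('https://www.example.com/new-page'), PHP_URL_QUERY), $q);
var_dump(verify_redirect($q));
$q['url'] = 'https://other-site.example/';
var_dump(verify_redirect($q));
```

Pages that emit links call build_link() so each new URL gets its hash automatically; the secret stays in server-side configuration and should be rotated if it leaks.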
