If you want to use Tuckey URLRewriteFilter:

<rule>
    <name>Blocked Inline-Images</name>
    <note>
        Assume we have under http://www.quux-corp.de/~quux/ some pages with inlined GIF graphics.
        These graphics are nice, so others directly incorporate them via hyperlinks to their pages.
        We don't like this practice because it adds useless traffic to our server.

        While we cannot 100% protect the images from inclusion, we can at least restrict the cases
        where the browser sends a HTTP Referer header.

        RewriteCond %{HTTP_REFERER} !^$
        RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
        RewriteRule .*\.gif$ - [F]
    </note>
    <condition name="referer" operator="notequal">^$</condition>
    <condition name="referer" operator="notequal">^http://www.quux-corp.de/~quux/.*$</condition>
    <from>.*\.gif$</from>
    <to>null</to>
    <set type="status">403</set>
</rule>

<rule>
    <name>Blocked Inline-Images example 2</name>
    <note>
        RewriteCond %{HTTP_REFERER} !^$
        RewriteCond %{HTTP_REFERER} !.*/foo-with-gif\.html$
        RewriteRule ^inlined-in-foo\.gif$ - [F]
    </note>
    <condition name="referer" operator="notequal">^$</condition>
    <condition name="referer" operator="notequal">.*/foo-with-gif\.html$</condition>
    <from>^inlined-in-foo\.gif$</from>
    <to>null</to>
    <set type="status">403</set>
</rule>

The above rule is an example of sniffing HTTP_REFERER for URL not http://www.quux-corp.de/~quux/.* in which case a 403 is returned.

http://tuckey.org/urlrewrite/manual/2.6/guide.html

HTH
Martin Gainty

> Date: Thu, 11 Jun 2009 10:37:10 -0400
> From: d...@newfield.org
> To: user@struts.apache.org
> Subject: Re: Return to previous page without javascript
>
> Stefano Tranquillini wrote:
> > I want to do a thing. When a user does the login (I have the login in the left
> > part of the web site, so on each page the user can do the login) I want to
> > redirect him to the page that was visited before the login.
> > How can I do that? (no JS)
>
> Nobody mentioned that the page from which any form is submitted is
> usually told to the server by the browser even without sticking it in a
> hidden field (which is more easily spoofed). The HTTP specification
> misspelled it as the "referer" field, and you can ask the request object
> for the value. http://en.wikipedia.org/wiki/HTTP_referrer
>
> -Dale
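
Added example (not part of the thread and not code from either poster): when the Referer header is used to send the user back after login, as the quoted reply suggests, the value is client-supplied, so it is reduced to a same-site path before redirecting. The host www.example.org, the fallback page and the class and method names are assumptions; in a servlet or Struts action the argument would be request.getHeader("Referer").

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RefererRedirect {

    // Assumptions: the site's own origin and a fallback page (placeholders).
    static final String SITE_SCHEME = "https";
    static final String SITE_HOST = "www.example.org";
    static final String FALLBACK = "/index.html";

    /** Returns a site-local path to redirect to, or FALLBACK if the Referer is unusable. */
    static String safeReturnPath(String referer) {
        if (referer == null || referer.isEmpty()) {
            return FALLBACK;              // browsers and proxies may omit the header
        }
        URI uri;
        try {
            uri = new URI(referer);       // also rejects control characters such as CR/LF
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
        // Compare scheme and host exactly. A prefix or regex match on the raw
        // string would also accept hosts like www.example.org.other.test.
        if (!SITE_SCHEME.equalsIgnoreCase(uri.getScheme())
                || !SITE_HOST.equalsIgnoreCase(uri.getHost())
                || uri.getUserInfo() != null
                || (uri.getPort() != -1 && uri.getPort() != 443)) {
            return FALLBACK;
        }
        String path = uri.getRawPath();
        // A path starting with "//" would be read as a protocol-relative URL.
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return FALLBACK;
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    public static void main(String[] args) {
        // Constructed sample Referer values, not taken from the thread.
        String[] samples = {
            "https://www.example.org/shop/cart.do?id=7",
            "https://www.example.org.other.test/shop/cart.do",
            "https://www.example.org@other.test/",
            "https://www.example.org//other.test/x",
            "not a url",
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeReturnPath(s));
        }
    }
}
```

Only the path and query are returned, so the redirect always stays on the site even if a check is later loosened.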