[Mailman-Users] Apache subscription Referer rules

Bill Cole mailmanu-20190215 at billmail.scconsult.com
Tue Jan 14 00:19:26 EST 2020


On 10 Jan 2020, at 10:52, Jim Popovitch via Mailman-Users wrote:

> (I think I asked this a few months back, but I couldn't locate any
> emails on it)
>
> What is the Apache rule syntax for rejecting subscription linking that
> doesn't come from the same domain/site?

First step:

    Header always set Referrer-Policy "same-origin"

This assures (to the degree that browsers comply with directives 
provided in headers) that legitimate internal links and sub-resource 
loads have a Referer header (see 
https://en.wikipedia.org/wiki/HTTP_referer) which you can use.

The next step is to read 
https://httpd.apache.org/docs/2.4/rewrite/access.html#blocked-inline-images 
and adapt the example to your site.

-- 
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
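
The two steps above combined into one virtual-host fragment, as an added example that is not part of the original message and is adapted from the pattern in the Apache access-control document linked above. Assumptions: the site is served as `lists.example.org` (placeholder), the subscription form posts to the Mailman 2.1 CGI path `/mailman/subscribe/<listname>`, and mod_headers and mod_rewrite are loaded.

```apache
# Added example; host name and path are assumptions, adjust to your site.
<VirtualHost *:443>
    ServerName lists.example.org

    # Step 1: ask browsers to send Referer on same-origin requests only.
    Header always set Referrer-Policy "same-origin"

    # Step 2: refuse subscription POSTs whose Referer is not this site.
    RewriteEngine On
    # Only form submissions are checked; GETs to the path pass through.
    RewriteCond "%{REQUEST_METHOD}" "=POST"
    # The anchored pattern also fails on an empty or missing Referer.
    # The Apache docs example instead lets empty Referers through with
    # an extra '!^$' condition; here a same-site form post is expected
    # to carry one, so a missing header is refused.
    RewriteCond "%{HTTP_REFERER}" "!^https?://lists\.example\.org/" [NC]
    # Server/vhost context: the pattern is matched against the URL path.
    RewriteRule "^/mailman/subscribe/" "-" [F]
</VirtualHost>
```

Referer is supplied by the client, so this stops browser-driven cross-site form posts but not scripted clients that set the header themselves. Users whose browser or proxy strips Referer will get a 403 on the subscribe form.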

