Dirty and Quickie deep linking prevention

Giorgos Keramidas keramida at ceid.upatras.gr
Sat Sep 26 21:36:04 EEST 2009 

On Fri, 25 Sep 2009 16:40:28 +0300, Christos Ricudis <ricudis at itc.auth.gr> wrote:
> Exete bare8ei na linkarei olo to sympan to directory sas me tis
> 452973493 lolcats apo diafora hli8ia forums?
>
> Taiste tous ena Cthulhu Goatse!

> use strict;
> use Apache2::RequestRec ();
> use Apache2::Log ();
> use APR::Table ();
> use Apache2::Const -compile => qw(DECLINED);
>
> sub handler {
>  my $r = shift;
>
>  my $kot=$r->uri();
>  my $lala=$r->headers_in->{Referer} || '';
>  my $isimage=0;
>  my $islinked=0;
>
>  if
> (!($lala=~m/.*(localhost|myserver|127.0.0.1|192.168|mydomain.com).*/i))
> {
>    $islinked=1;
>  }
>
>  if ($kot=~m/(.*)\/pictures\/lolcats\/(.*)\.jpg/i) {
>    $isimage=1;
>  }
>
>  if (($islinked==1)&&($isimage==1)) {
>    $r->uri("/cthulhu-goatse.jpg");
>    $r->log_error("Bad referer $lala linked to $kot, fed him a
> goatse-cthulhu");
>  }
>
>  return Apache2::Const::DECLINED;

On Sat, 26 Sep 2009 21:10:01 +0300, Christos Ricudis <ricudis at itc.auth.gr> wrote:
> 2) Sou dinei mia teleia aformh na grafeis perl snippets se public
> mailing lists, mpainontas sto rou8ouni enos ekatommyriou pythontzhdwn
> pou petagontai meta kai arxizoun pali ta 1002 epixeirhmata gia to oti
> h dikia tous agaphmenh glwssa exei megalytera byzia apo th dikia sou.

Γαμηστερή η ιδέα, αλλά δεν είναι πρόβλημα η γλώσσα:

    from mod_python import apache
    import re

    myhosts = [ r"localhost", r"myserver", r"127\.0\.0\.1", r"192\.168.*", r"mydomain.com" ]
    lolcats = r"(.*)\/pictures\/lolcats\/(.*)\.jpg"

    hre = None                  # regexp matching our own hosts
    mre = None                  # regexp matching lolcat uri paths
    try:
        hre = re.compile(r".*(" + "|".join(myhosts) + r").*")
        mre = re.compile(lolcats)
    except Exception:
        pass

    def requesthandler(req):
        if mre and hre:
            uri = req.uri
            ref = req.headers_in['Referer']
            if not hre.match(ref) and mre.match(uri):
                req.uri = "/cthulhu-goatse.jpg"
        return apache.DECLINED

Στη συγκεκριμένη περίπτωση η Python έχει μικρότερα βυζιά, αλλά με πιο
σφριγηλές και παιχνιδιάρικες ρώγες.  Περί ορέξεως όμως Jenna Jameson.

More information about the Linux-greek-users mailing list