08-11-2003 09:03 AM - edited 03-09-2019 04:23 AM
Is it possible to block incoming web traffic based on the http_referrer? We are finding more and more sites that are linking to images on our site and I would like to try and block this traffic to eliminate bandwidth stealing. I would like to dump this at the firewall and have it be blocked. Some of recommended writing an ISAPI filter to block this at the webserver level. If possible I want it blocked further up the chain.
TIA.
Tim
Solved! Go to Solution.
08-11-2003 10:19 AM
It is specific to the http protocol, and possibly even a specific web site - conceivably a web hoster could have 100s of web sites on the same web server, each of which might want different configurations for such image hijacking. The pix really isn't an application level firewall, and even those that are (checkpoint, raptor, etc), probably don't offer such a setting.
For IIS, an ISAPI filter might be your only option. I have never had to deal with this probably, but recall hearing that this is a pain to deal with with IIS, whereas with apache it can be dealt with in the out of the box package (no add on isapi filters), IIRC
08-11-2003 09:22 AM
No, the pix doesn't not have application level features like that. This is generally a web server configuration problem.
08-11-2003 09:27 AM
Just curious why you would say that it is a web configuration problem? I would think that you would want to block traffic as far out on the network as you can. Are there other options that I am apparently not aware of that will help me here? We are running IIS5 and I am not aware of an easy way to do what I am asking. Is an ISAPI filter the only way it can be done? TIA.
08-11-2003 10:19 AM
It is specific to the http protocol, and possibly even a specific web site - conceivably a web hoster could have 100s of web sites on the same web server, each of which might want different configurations for such image hijacking. The pix really isn't an application level firewall, and even those that are (checkpoint, raptor, etc), probably don't offer such a setting.
For IIS, an ISAPI filter might be your only option. I have never had to deal with this probably, but recall hearing that this is a pain to deal with with IIS, whereas with apache it can be dealt with in the out of the box package (no add on isapi filters), IIRC
08-11-2003 10:24 AM
Thanks for your input! I was hoping to block it at the perimeter somehow. Time to get a web filter!
Tim
08-11-2003 05:27 PM
Here's some good links to set this up:
08-12-2003 12:00 AM
These are great. I have searched for these previously and found nothing! I must not have used the correct words! I will be looking at each of these. Thank you.
Tim
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: