On 10 Jan 2020, at 10:52, Jim Popovitch via Mailman-Users wrote:
(I think I asked this a few months back, but I couldn't locate any
emails on it)
What is the Apache rule syntax for rejecting subscription linking that
doesn't come from the same domain/site?
First step:
Header always set Referrer-Policy "same-origin"
This assures (to the degree that browsers comply with directives
provided in headers) that legitimate internal links and sub-resource
loads have a Referer header (see
https://en.wikipedia.org/wiki/HTTP_referer) which you can use.
The next step is to read
https://httpd.apache.org/docs/2.4/rewrite/access.html#blocked-inline-images
and adapt the example to your site.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
