mod_access_referer is a module for the Apache HTTP Server that provides access control based on "Referer" HTTP header content.
Why is mod_access_referer useful?
Basically, it allow or deny the access based on what page is shown in the Web browser, which means that if you publish a document (picture, chart or other) in your site, the people will have to visit your Web site to access it, and no one will be able to link just the document.
There are many organizations that publish valuable files (pictures, charts, and other documents) in their Web sites. Those organizations want to make public those files, but at the same time they want the people having visiting their Web sites in order to get those files (example, in order to get revenue from sell banners which are shown at the Web site).
But, there are situations where the files are linked from other Web sites, other than the organization owns. In such situations, the organization is loosing twice: one because the people don't visit the organization's Web site to get the files, and another because the organization still pay the necessary bandwidth to get the files.
Most browsers today send the "Referer" HTTP header in each request that comes from another Web page. This can be used to track from where the resources are linked, but it can be used to allow or deny the access to such resources if the "Referer" is not a page from the organization's Web site.
mod_access_referer is an Apache module that understand the "Referer" HTTP header, and grant or deny access based on the Web page that refered the file.
The "Referer" HTTP header is sent by the browser to the server, and it contains the URL of the resource from where the URL of the asked resource was obtained. The document "Hypertext Transfer Protocol -- HTTP/1.1" RFC 2616 gives the following explanation:
"The Referer[sic] request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained (the "referrer", although the header field is misspelled.) The Referer request-header allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc. It also allows obsolete or mistyped links to be traced for maintenance. The Referer field MUST NOT be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard."
· Apache 1.3.x
· DSO support