My question Send default 404 error page when Referer does not match got "closed as too broad" by a moderator and "deleted by Community ♦", eight months after I asked it. As far as I can see, it got no votes/answers/comments.

I assume missing votes and answers are the reason why I got deleted after it got closed. But why was it closed in the first place? Is it really too broad? If so, how could I improve it?

Here’s the question for those that cannot see deleted content:

Send default 404 error page when Referer does not match

Coming from this question on IT Security SE, I want to do the following in .htaccess for Apache:

If the Referer is NOT SecretString, send HTTP status 404 with the default (= not a custom) error page.

The error page should be exactly the same one you get when visiting a non-existent file on a host without any website resp. custom error pages set up.

The following .htaccess seems to work fine:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^SecretString$
RewriteRule .* - [R=404,L]

Could this be improved resp. be done in a different way?

The Apache documentation says about the R flag:

Any valid HTTP response status code may be specified, using the syntax [R=305], with a 302 status code being used by default if none is specified. The status code specified need not necessarily be a redirect (3xx) status code. However, if a status code is outside the redirect range (300-399) then the substitution string is dropped entirely, and rewriting is stopped as if the L were used.

I'm not sure if I understand the last sentence correctly. Does this mean that when using the value 404, Apache simply ignores whatever you specify at the third position (here: -)? And I could omit the L flag then too, correct?

RewriteRule .* - [R=404]

Should I specify something else than -? Or is this the correct character for "nothing"?

Does .* really mean "everything" (all URLs) or is there something better?

Is using R=404 the correct way to send the default 404 page?

Tagged: .htaccess

My question Send default 404 error page when Referer does not match got "closed as too broad" by a moderator and "deleted by Community ♦", eight months after I asked it. As far as I can see, it got no votes/answers/comments.

I assume missing votes and answers are the reason why I got deleted after it got closed. But why was it closed in the first place? Is it really too broad? If so, how could I improve it?

Here’s the question for those that cannot see deleted content:

Send default 404 error page when Referer does not match

Coming from this question on IT Security SE, I want to do the following in .htaccess for Apache:

If the Referer is NOT SecretString, send HTTP status 404 with the default (= not a custom) error page.

The error page should be exactly the same one you get when visiting a non-existent file on a host without any website resp. custom error pages set up.

The following .htaccess seems to work fine:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^SecretString$
RewriteRule .* - [R=404,L]

Could this be improved resp. be done in a different way?

The Apache documentation says about the R flag:

Any valid HTTP response status code may be specified, using the syntax [R=305], with a 302 status code being used by default if none is specified. The status code specified need not necessarily be a redirect (3xx) status code. However, if a status code is outside the redirect range (300-399) then the substitution string is dropped entirely, and rewriting is stopped as if the L were used.

I'm not sure if I understand the last sentence correctly. Does this mean that when using the value 404, Apache simply ignores whatever you specify at the third position (here: -)? And I could omit the L flag then too, correct?

RewriteRule .* - [R=404]

Should I specify something else than -? Or is this the correct character for "nothing"?

Does .* really mean "everything" (all URLs) or is there something better?

Is using R=404 the correct way to send the default 404 page?

Tagged: .htaccess

My question Send default 404 error page when Referer does not match got "closed as too broad" by a moderator and "deleted by Community ♦", eight months after I asked it. As far as I can see, it got no votes/answers/comments.

I assume missing votes and answers are the reason why I got deleted after it got closed. But why was it closed in the first place? Is it really too broad? If so, how could I improve it?

Here’s the question for those that cannot see deleted content:

Send default 404 error page when Referer does not match

Coming from this question on IT Security SE, I want to do the following in .htaccess for Apache:

If the Referer is NOT SecretString, send HTTP status 404 with the default (= not a custom) error page.

The error page should be exactly the same one you get when visiting a non-existent file on a host without any website resp. custom error pages set up.

The following .htaccess seems to work fine:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^SecretString$
RewriteRule .* - [R=404,L]

Could this be improved resp. be done in a different way?

The Apache documentation says about the R flag:

Any valid HTTP response status code may be specified, using the syntax [R=305], with a 302 status code being used by default if none is specified. The status code specified need not necessarily be a redirect (3xx) status code. However, if a status code is outside the redirect range (300-399) then the substitution string is dropped entirely, and rewriting is stopped as if the L were used.

I'm not sure if I understand the last sentence correctly. Does this mean that when using the value 404, Apache simply ignores whatever you specify at the third position (here: -)? And I could omit the L flag then too, correct?

RewriteRule .* - [R=404]

Should I specify something else than -? Or is this the correct character for "nothing"?

Does .* really mean "everything" (all URLs) or is there something better?

Is using R=404 the correct way to send the default 404 page?

Tagged: .htaccess

My question Send default 404 error page when Referer does not match got "closed as too broad" by a moderator and "deleted by Community ♦", eight months after I asked it. As far as I can see, it got no votes/answers/comments.

I assume missing votes and answers are the reason why I got deleted after it got closed. But why was it closed in the first place? Is it really too broad? If so, how could I improve it?

Here’s the question for those that cannot see deleted content:

Send default 404 error page when Referer does not match

Coming from this question on IT Security SE, I want to do the following in .htaccess for Apache:

If the Referer is NOT SecretString, send HTTP status 404 with the default (= not a custom) error page.

The error page should be exactly the same one you get when visiting a non-existent file on a host without any website resp. custom error pages set up.

The following .htaccess seems to work fine:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^SecretString$
RewriteRule .* - [R=404,L]

Could this be improved resp. be done in a different way?

The Apache documentation says about the R flag:

Any valid HTTP response status code may be specified, using the syntax [R=305], with a 302 status code being used by default if none is specified. The status code specified need not necessarily be a redirect (3xx) status code. However, if a status code is outside the redirect range (300-399) then the substitution string is dropped entirely, and rewriting is stopped as if the L were used.

I'm not sure if I understand the last sentence correctly. Does this mean that when using the value 404, Apache simply ignores whatever you specify at the third position (here: -)? And I could omit the L flag then too, correct?

RewriteRule .* - [R=404]

Should I specify something else than -? Or is this the correct character for "nothing"?

Does .* really mean "everything" (all URLs) or is there something better?

Is using R=404 the correct way to send the default 404 page?

Tagged: .htaccess