2 referral domains

What would be the best firewall rule to only allow referral domains coming from one or the other of the domains I have?

I ask because I use the same domain to serve files and only want access to it from referral from my 2 other domains that host the HTML.


As long as those two domains actually pass along the Referer, then this rule should work:

And if they don’t pass along at the same time? Like if a file is referred by domain2 and not domain3 I think it will be blocked…

Would it be better to add 2 subdomains for my hosted file domain and then add a rule for each subdomain for the referrer?


A request has one referrer. This rule checks: It has to be missing domain2 AND domain3 for it to block. If it’s just missing one of them, it won’t block because it has the other one.

Would that allow bypass with a referer of:


If they’re that desperate to scrape content, then sure. There aren’t that many options for Referrer checks. (not)equal and (not)contain.

The user could set their referrer policy to Origin and strip off the path, and then use Does Not Equal for a perfect match.

(yes, I jump back and forth between “referer” and “referrer” because the actual header is misspelled)

How do you set the referrer policy to origin?

That’s done at the server. How it’s done depends upon your specific setup. I’m sure Google has a bunch of links for this.
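
A small model of the two rule styles discussed in this thread ("does not contain" versus "does not equal" on an origin-only Referer), added here as an example and not posted by any participant. The hostnames `domain2.example` and `domain3.example` and the sample Referer values are constructed placeholders.

```python
# Added example: models the two Referer checks discussed in the thread.
# Hostnames are constructed placeholders, not the poster's real domains.
ALLOWED_HOSTS = ("domain2.example", "domain3.example")
# With "Referrer-Policy: origin" the browser sends only scheme://host/ as Referer.
ALLOWED_ORIGINS = {f"https://{h}/" for h in ALLOWED_HOSTS}


def blocked_by_contains(referer: str) -> bool:
    """Block when the Referer contains neither allowed domain (substring test)."""
    return all(host not in referer for host in ALLOWED_HOSTS)


def blocked_by_equals(referer: str) -> bool:
    """Block when the Referer equals neither allowed origin (exact test)."""
    return all(referer != origin for origin in ALLOWED_ORIGINS)


# Constructed Referer values a defender can use to test the rule.
SAMPLES = [
    "https://domain2.example/",                   # origin-only, as sent under policy "origin"
    "https://domain3.example/",                   # the other allowed site on its own
    "https://domain2.example/gallery/page.html",  # full URL, as sent without the policy
    "https://other.test/?from=domain2.example",   # allowed name only in the query string
    "https://domain3.example.other.test/",        # allowed name as prefix of another host
    "",                                           # no Referer sent at all
]


def evaluate(samples=SAMPLES):
    """Return {referer: (blocked_by_contains, blocked_by_equals)}."""
    return {r: (blocked_by_contains(r), blocked_by_equals(r)) for r in samples}


if __name__ == "__main__":
    for referer, (c, e) in evaluate().items():
        print(f"{referer!r:50} contains-rule blocks={c!s:5} equals-rule blocks={e}")
```

The exact-match rule also blocks the full-URL Referer from the allowed site, so the origin referrer policy has to be in place on the HTML pages before switching the rule to "does not equal".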

