How to prevent html links from live to staging
Links (img, a) that point from live site to the staging site are harmful. Often they are a result of a human error, but MidCOM tools sometimes produce absolute links that lead to the wrong site.
This is particularily bad when staging is on a publicly accessible subdomain/port and behind basic auth. In this situation the end users of the site get an authentication popup. Bad image links are more stealthy and harder to spot.
The examples assume the following configuration:
- Live: http://www.example.net
- Staging: http://www.example.net:8001
Apache
You can prevent Apache from serving images from the staging site when referer is the live site. This goes to the staging site's VirtualHost configuration (eg. /etc/midgard/apache/vhosts/www.example.net_8001).
# Do not serve any images if www.example.net is asking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^http://www.example.net/.*$ \NC
RewriteCond %{HTTP_REFERER} !^http://www.example.net:8001/.*$ \NC
RewriteCond %{REQUEST_URI} \.(gif|jpg|jpeg|png)$
RewriteRule .* - \F