check that the anti deeplinking via referer matches work

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@617 152afb58-edef-0310-8abb-c4023f1b3aa9

tests/core-condition.t

@@ -8,7 +8,7 @@ BEGIN {
 
 use strict;
 use IO::Socket;
-use Test::More tests => 6;
+use Test::More tests => 11;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -51,3 +51,34 @@ ok($tf->handle_http($t) == 0, 'nesting');
 
 ok($tf->stop_proc == 0, "Stopping lighttpd");
 
+$tf->{CONFIGFILE} = 'lighttpd.conf';
+ok($tf->start_proc == 0, "Starting lighttpd") or die();
+
+$t->{REQUEST}  = ( <<EOF
+GET /nofile.png HTTP/1.0
+Host: www.example.org
+EOF
+ );
+$t->{RESPONSE} = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } );
+ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
+
+$t->{REQUEST}  = ( <<EOF
+GET /nofile.png HTTP/1.0
+Host: www.example.org
+Referer: http://www.example.org/
+EOF
+ );
+$t->{RESPONSE} = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } );
+ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
+
+$t->{REQUEST}  = ( <<EOF
+GET /nofile.png HTTP/1.0
+Host: www.example.org
+Referer: http://123.example.org/
+EOF
+ );
+$t->{RESPONSE} = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } );
+ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
+
+ok($tf->stop_proc == 0, "Stopping lighttpd");
+

tests/lighttpd.conf

@@ -168,3 +168,9 @@ $HTTP["remoteip"] =~ "(127.0.0.1)" {
     url.redirect = ( "^/redirect/$" => "http://localhost:2048/%1" )
   }
 }
+
+# deny access for all image stealers
+$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
+  url.access-deny = ( ".jpg", ".jpeg", ".png" )
+}
+