Can you configure Apache to prevent a certain Web site from linking to yours? (Hint: You can use the Referer: HTTP header for this.)
What are the advantages of database files over plain text files?
Can you name some disadvantages of HTTP basic authentication?
For example, if you want to deny the example.org Web site access to your site, you can add the following to your configuration file:
They are much more scalable because they can be indexed. This means that Apache does not need to read the file sequentially until a match is found for a particular user, but rather can jump to the exact location.
One disadvantage is that it is transmitted in clear text over the network. This means that unless you are using SSL (explained in Hour 17), it is possible for an attacker to read the packets your browser sends to the server and steal your password. Another disadvantage is that HTTP authentication does not provide a means for customizing the login (except the realm name). It is very common for Web sites to implement custom login mechanisms using HTML forms and cookies.
SetEnvIfNoCase Referer "^http://www.example.org/" evil_site=1 Order Allow,Deny Allow from all Deny from env=evil_site