What the whitelist rule does is only allows your website unrestricted access to the viewer.php file. Since the file should only be called from your website and by your website since your website is the Referer then this whitelists the viewer.php file in a way that is completely safe to do. ie it cannot be exploited since the Referer condition MUST match your website domain name.
↧