You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Richard Crawford <rc...@unexmail.ucdavis.edu> on 2005/03/09 23:54:54 UTC
[users@httpd] Restricting page access
I'm still working on the problem of delivering those huge PDF files. In
the meantime, I was also asked to prevent those files from being
displayed unless the link to them was clicked on; in other words, I want
to prevent users from being able to display a file by typing the URL
directly into their browser. Normally I'd use basic authentication in
an .htaccess file, but in this setting that is inappropriate. I tried
adapting the solution from the _Apache Cookbook_ that prevents linking
of local images by remote sites, but that didn't seem to do the trick.
Here is the .htaccess file that I created:
<FilesMatch "\.pdf$">
SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
Order Deny,Allow
Allow from env=local_referer
</FilesMatch>
This doesn't prevent a pdf file from being delivered if the user types
in the URL directly.
--
Richard S. Crawford
Programmer III
UC Davis Extension Distance Education Group (http://unexdlc.ucdavis.edu)
2901 K Street, Suite 200C
Sacramento, CA 95816
(916)327-7793
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Restricting page access
Posted by Richard Crawford <rc...@unexmail.ucdavis.edu>.
Noah wrote:
> On Wed, Mar 09, 2005 at 02:54:54PM -0800, Richard Crawford wrote:
>
>>I tried adapting the solution from the _Apache Cookbook_ that prevents linking
>>of local images by remote sites, but that didn't seem to do the trick.
>>
>>Here is the .htaccess file that I created:
>>
>><FilesMatch "\.pdf$">
>>SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
>>Order Deny,Allow
>>Allow from env=local_referer
>></FilesMatch>
>
>
> You don't specify a Deny directive here:
>
> <FilesMatch "\.pdf$">
> SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
> Order deny,allow
> Deny from all
> Allow from env=local_referer
> </FilesMatch>
Thanks for the tip.
It's still not working, but I think I know why; it has to do with the
JRun configuration, and not Apache.
--
Richard S. Crawford
Programmer III
UC Davis Extension Distance Education Group (http://unexdlc.ucdavis.edu)
2901 K Street, Suite 200C
Sacramento, CA 95816
(916)327-7793
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Restricting page access
Posted by Noah <si...@onastick.net>.
On Wed, Mar 09, 2005 at 02:54:54PM -0800, Richard Crawford wrote:
> I tried adapting the solution from the _Apache Cookbook_ that prevents linking
> of local images by remote sites, but that didn't seem to do the trick.
>
> Here is the .htaccess file that I created:
>
> <FilesMatch "\.pdf$">
> SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
> Order Deny,Allow
> Allow from env=local_referer
> </FilesMatch>
You don't specify a Deny directive here:
<FilesMatch "\.pdf$">
SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
Order deny,allow
Deny from all
Allow from env=local_referer
</FilesMatch>
--n
--
<huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
<huey> ^^^ Making Flippy Floppy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org