You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by rb...@apache.org on 2002/06/15 05:06:35 UTC

cvs commit: httpd-docs-1.3/htdocs/manual/misc FAQ-G.html

rbowen      2002/06/14 20:06:35

  Modified:    htdocs/manual/misc FAQ-G.html
  Log:
  Added FAQ about "image theft".
  
  Revision  Changes    Path
  1.8       +43 -1     httpd-docs-1.3/htdocs/manual/misc/FAQ-G.html
  
  Index: FAQ-G.html
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/FAQ-G.html,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- FAQ-G.html	8 Oct 2001 01:26:54 -0000	1.7
  +++ FAQ-G.html	15 Jun 2002 03:06:35 -0000	1.8
  @@ -99,6 +99,10 @@
   
             <li><a href="#prompted-twice">Why does Apache ask for my
             password twice before serving a file?</a></li>
  +
  +          <li><a href="#image-theft">How can I prevent people from
  +          "stealing" the images from my web site?</a></li>
  +
           </ol>
         </li>
         <!--#endif -->
  @@ -406,6 +410,44 @@
           </ol>
           <hr />
         </li>
  +
  +      <li>
  +        <a id="image-theft" name="image-theft"><strong>How can I prevent
  +        people from "stealing" the images from my web site?</strong></a> 
  +
  +        <p>The goal here is to prevent people from inlining your images
  +        directly from their web site, but accessing them only if they
  +        appear inline in your pages.<p>
  +
  +        <p>This can be accomplished with a combination of SetEnvIf and
  +        the Deny and Allow directives. However, it is important to 
  +        understand that any access restriction based on the REFERER
  +        header is intrinsically problematic due to the fact that 
  +        browsers can send an incorrect REFERER, either because they 
  +        want to circumvent your restriction, or simply because they don't
  +        sent the right thing.</p>
  +
  +        <p>The following configuration will produce the desired effect, 
  +        if the browser passes correct REFERER headers.</p>
  +
  +<pre>
  +SetEnvIf REFERER "www\.mydomain\.com" linked_from_here
  +SetEnvIf REFERER "^$" linked_from_here
  +
  +&lt;Directory /www/images&gt;
  +    Order deny,allow
  +    Deny from all
  +    Allow from env=linked_from_here
  +&lt;/Directory&gt;
  +</pre>
  +
  +<p>Further examples can be found in the <a 
  +href="../env.html#examples">Environment Variables</a> documentation.</p>
  +
  +        <hr />
  +      </li>
  +
  +
       </ol>
       <!--#endif -->
       <!--#if expr="$STANDALONE" -->

Re: cvs commit: httpd-docs-1.3/htdocs/manual/misc FAQ-G.html

Posted by Aaron Bannert <aa...@clove.org>.

On Sat, Jun 15, 2002 at 03:06:35AM -0000, rbowen@apache.org wrote:
>   +        want to circumvent your restriction, or simply because they don't
>   +        sent the right thing.</p>

A minor typo:
This should say "they don't send the right thing" :)
                               ^

-aaron


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org