You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rb...@apache.org on 2002/06/15 05:06:35 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/misc FAQ-G.html
rbowen 2002/06/14 20:06:35
Modified: htdocs/manual/misc FAQ-G.html
Log:
Added FAQ about "image theft".
Revision Changes Path
1.8 +43 -1 httpd-docs-1.3/htdocs/manual/misc/FAQ-G.html
Index: FAQ-G.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/FAQ-G.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- FAQ-G.html 8 Oct 2001 01:26:54 -0000 1.7
+++ FAQ-G.html 15 Jun 2002 03:06:35 -0000 1.8
@@ -99,6 +99,10 @@
<li><a href="#prompted-twice">Why does Apache ask for my
password twice before serving a file?</a></li>
+
+ <li><a href="#image-theft">How can I prevent people from
+ "stealing" the images from my web site?</a></li>
+
</ol>
</li>
<!--#endif -->
@@ -406,6 +410,44 @@
</ol>
<hr />
</li>
+
+ <li>
+ <a id="image-theft" name="image-theft"><strong>How can I prevent
+ people from "stealing" the images from my web site?</strong></a>
+
+ <p>The goal here is to prevent people from inlining your images
+ directly from their web site, but accessing them only if they
+ appear inline in your pages.<p>
+
+ <p>This can be accomplished with a combination of SetEnvIf and
+ the Deny and Allow directives. However, it is important to
+ understand that any access restriction based on the REFERER
+ header is intrinsically problematic due to the fact that
+ browsers can send an incorrect REFERER, either because they
+ want to circumvent your restriction, or simply because they don't
+ sent the right thing.</p>
+
+ <p>The following configuration will produce the desired effect,
+ if the browser passes correct REFERER headers.</p>
+
+<pre>
+SetEnvIf REFERER "www\.mydomain\.com" linked_from_here
+SetEnvIf REFERER "^$" linked_from_here
+
+<Directory /www/images>
+ Order deny,allow
+ Deny from all
+ Allow from env=linked_from_here
+</Directory>
+</pre>
+
+<p>Further examples can be found in the <a
+href="../env.html#examples">Environment Variables</a> documentation.</p>
+
+ <hr />
+ </li>
+
+
</ol>
<!--#endif -->
<!--#if expr="$STANDALONE" -->
Re: cvs commit: httpd-docs-1.3/htdocs/manual/misc FAQ-G.html
Posted by Aaron Bannert <aa...@clove.org>.
On Sat, Jun 15, 2002 at 03:06:35AM -0000, rbowen@apache.org wrote:
> + want to circumvent your restriction, or simply because they don't
> + sent the right thing.</p>
A minor typo:
This should say "they don't send the right thing" :)
^
-aaron
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org