[users@httpd] Re: restrict access to files

[Nicholas Sherlock <n....@gmail.com>]

Nina P. Gregorev wrote:
> How can I restrict access to files when accessed via the url link?
> 
> I have image files that should be viewable within the site but shouldn't
> be viewable when a user type in the full url in the browser.

This is essentially impossible, unless you can control your client base. 
The typical solution is "hotlinking protection", where requests are 
rejected if their referrer is set to somebody else's website. It allows 
requests which have _no_ referral information to pass because it's very 
unlikely these requests came from another website.

To solve the problem with your situation, you'd have to reject all 
requests whose referrer was for another website, _or was absent_ (since 
entering the URL manually sends no referral information). This is a 
problem because _many_ clients use privacy software that will remove 
referral information from their requests for images embedded in your 
webpages. For instance, I think one of the popular Norton security 
programs does this, many visitors probably don't even know it's on their 
computer.

So if you solve your problem, those clients will never be able to see 
the images on your website.

Cheers,
Nicholas Sherlock


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org