You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Nicholas Sherlock <n....@gmail.com> on 2009/08/10 14:21:43 UTC
[users@httpd] Re: restrict access to files
Nina P. Gregorev wrote:
> How can I restrict access to files when accessed via the url link?
>
> I have image files that should be viewable within the site but shouldn't
> be viewable when a user type in the full url in the browser.
This is essentially impossible, unless you can control your client base.
The typical solution is "hotlinking protection", where requests are
rejected if their referrer is set to somebody else's website. It allows
requests which have _no_ referral information to pass because it's very
unlikely these requests came from another website.
To solve the problem with your situation, you'd have to reject all
requests whose referrer was for another website, _or was absent_ (since
entering the URL manually sends no referral information). This is a
problem because _many_ clients use privacy software that will remove
referral information from their requests for images embedded in your
webpages. For instance, I think one of the popular Norton security
programs does this, many visitors probably don't even know it's on their
computer.
So if you solve your problem, those clients will never be able to see
the images on your website.
Cheers,
Nicholas Sherlock
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org