You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jaikishan Jalan <ja...@gmail.com> on 2009/08/18 01:23:06 UTC
[users@httpd] Blocking request to download resource folder.
Hello,
I have a folder named resources - which contains all my images and css file
etc. I want to make sure that no body can download those resources using a
browser by typing directly the URL of that resource. However, at the same
time I want my html files to render those resources without any problem. My
first question is if this is possible at all? Because I believe that
whenever an HTML page is requested by a browser by typing the URL, all the
resources are sent to client using GET request. If I put a block on my
resource folder directly, then my HTML wont be able to render those
resources. For similar reasons, I cannot block access to folder based on the
type of request (GET or POST).
Are there any configuration parameters that can be set for the apache server
or is there any way to get around this problem.
--
Thanks,
Jaikishan
Re: [users@httpd] Blocking request to download resource folder.
Posted by Krist van Besien <kr...@gmail.com>.
On Tue, Aug 18, 2009 at 1:23 AM, Jaikishan Jalan<ja...@gmail.com> wrote:
> Hello,
>
> I have a folder named resources - which contains all my images and css file
> etc. I want to make sure that no body can download those resources using a
> browser by typing directly the URL of that resource. However, at the same
> time I want my html files to render those resources without any problem. My
> first question is if this is possible at all?
Basically it is not possible to make something available and
unavailable at the same time. You have no control over the computer
that will be used to watch your website, so you have no way to keep
someone looking at your website from making local copies of any
resources you give him.
What you can do is block requests that don't have the right referrer
field set. An example:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.com/.*$ [NC]
RewriteRule \.(gif|jpg|png)$ - [F]
The idea here is to stop hotlinking and bandwidth theft. However, you
can't stop someone from right clicking on an image in your webpage,
and choosing "save as...".
You'll have to accept that once it's out there, it will remain out there.
Krist
--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org