[users@httpd] How to prevent a site to be grabbed ?

["J. Bakshi" <jo...@infoservices.in>]

Hello,

This is a very worried continuation of my previous mail "how to prevent
mp3 downloading ?"
André Warnier has already opened my eyes that wget and curl are quite
capable to bypass the .htaccess by using --user-agent option and I
myself successfully downloaded some file and folders from the my own
site which I believe having a strong .htaccess to prevent curl and wget.

So I'm looking a way to prevent my site to be grabbed. Could any one
suggest any measure in apache or .htaccess ?

Eagerly waiting for your kind response.
Thanks

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to prevent a site to be grabbed ?

[Brian Mearns <me...@gmail.com>]

On Thu, Mar 26, 2009 at 6:20 AM, Richard Peacock
<ri...@minorplanet.com> wrote:
> Lol, good answer Krist!
>
> Although many people have tried to prevent things like right-click and
> grabbing of files from their websites, they are all bypassable in one
> way or another ;)
>
>
>
>
> -----Original Message-----
> From: Krist van Besien [mailto:krist.vanbesien@gmail.com]
> Sent: 26 March 2009 10:15
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] How to prevent a site to be grabbed ?
>
> On Thu, Mar 26, 2009 at 9:57 AM, J. Bakshi <jo...@infoservices.in>
> wrote:
>
>> So I'm looking a way to prevent my site to be grabbed. Could any one
>> suggest any measure in apache or .htaccess ?
>
> Don't connect your site to the internet. That will prevent is from
> being grabbed.
>
> Krist
>
> --
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
>

Grabbing a page means downloading a page. Browsing a page means the
same thing. If you want to prevent grabbing, you have to prevent
people from accessing the site at all. Even if you found a way to
block clients like wget and curl (there is none), people could still
just browse your site and click File > Save Page. Besides, wget and
curl are not exactly nefarious programs. Sure, people can be really
annoying with them, but they are used for perfectly legitimate
purposes, so blocking their user agents is only going to annoy people
who are using them legitimately, and not stop those who aren't.

It's really not clear why this is such a concern for you? If there's
stuff on your site that you don't want to people to have, why is it on
your site? You can set up access restrictions so that a username and
password are required, you can use SSL to prevent eavesdroppers from
getting stuff that other people are looking at. But ultimately,
putting something on your publicly accessible site is offering it up
to be downloaded...that's what a site is.

If you're just trying to prevent people from using all your bandwidth
doing automated mass  downloads, there are some techniques you can use
to throttle access rates.

Why don't you tell us exactly what content you have that you're so
worried about and who you're trying to prevent doing what to it, and
maybe we can figure out the right way to help you.

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] How to prevent a site to be grabbed ?

[Richard Peacock <ri...@minorplanet.com>]

Lol, good answer Krist!

Although many people have tried to prevent things like right-click and
grabbing of files from their websites, they are all bypassable in one
way or another ;)


  

-----Original Message-----
From: Krist van Besien [mailto:krist.vanbesien@gmail.com] 
Sent: 26 March 2009 10:15
To: users@httpd.apache.org
Subject: Re: [users@httpd] How to prevent a site to be grabbed ?

On Thu, Mar 26, 2009 at 9:57 AM, J. Bakshi <jo...@infoservices.in>
wrote:

> So I'm looking a way to prevent my site to be grabbed. Could any one
> suggest any measure in apache or .htaccess ?

Don't connect your site to the internet. That will prevent is from
being grabbed.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



**********************************************************************
Privileged/Confidential Information may be contained in this 
message. If you are not the addressee indicated in this 
message (or responsible for delivery of the message to such 
person), you must not copy, distribute or take any action in 
reliance to it.
In such case, you should destroy this message and kindly 
notify the sender by reply email. Please advise immediately 
if you or your employer do not consent to Internet email for 
messages of this kind. Opinions, conclusions and other 
information in this message that do not relate to the official 
business of Minorplanet Systems plc shall be understood as 
neither given nor endorsed by it. Minorplanet Systems plc, Registration no: 3372097
Minorplanet Limited, Registration no: 4072786
Greenwich House, 223 North Street, Leeds, LS7 2AA
VAT #: 698 1438 86
********************************************************************** 
 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to prevent a site to be grabbed ?

[Krist van Besien <kr...@gmail.com>]

On Thu, Mar 26, 2009 at 9:57 AM, J. Bakshi <jo...@infoservices.in> wrote:

> So I'm looking a way to prevent my site to be grabbed. Could any one
> suggest any measure in apache or .htaccess ?

Don't connect your site to the internet. That will prevent is from
being grabbed.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] How to prevent a site to be grabbed ?

[Richard Peacock <ri...@minorplanet.com>]

.. but surely even if he uses this one-time method then the person who clicks the link for the mp3 file will still get the file? albeit with added server load as it is copied first then deleted - not to mention the additional script work that would be needed?

Ultimately, there is no way to protect the content if it is web-facing, the web is a public resource and anything put on there can be grabbed by anyone.  If he really wants to protect the files then he would need to encrypt the files at source so when someone who is not authorised gets it, they can't do anything with it as they don't have the de-cryption key.


-----Original Message-----
From: Jonathan Zuckerman [mailto:j.zuckerman@gmail.com]
Sent: Thu 3/26/2009 18:06
To: users@httpd.apache.org
Subject: Re: [users@httpd] How to prevent a site to be grabbed ?
 
Use a one-time pad.  Every URL to an mp3 is not an actual resource,
it's a link that is generated when the user indicates a desire to
download the mp3, and the mp3 is then copied from a protected place to
a public place.  After that link is accessed one time, a script is run
which outputs the mp3 as a file, then deletes the public mp3 and
invalidates the link.  Hashing, cryptography, this is a classic
computer science problem ;)

On Thu, Mar 26, 2009 at 2:38 AM, Octavian Rasnita <or...@gmail.com> wrote:
> Password-protect it, and don't give the password to anyone. :-)
>
> If someone sees a page from your site, that page was already downloaded to the visitor's computer, and a visitor can create a program that download all the pages which he can access using a browser.
>
> Octavian
>
> ----- Original Message -----
> From: "J. Bakshi" <jo...@infoservices.in>
> To: <us...@httpd.apache.org>
> Sent: Thursday, March 26, 2009 10:57 AM
> Subject: [users@httpd] How to prevent a site to be grabbed ?
>
>
>> Hello,
>>
>> This is a very worried continuation of my previous mail "how to prevent
>> mp3 downloading ?"
>> André Warnier has already opened my eyes that wget and curl are quite
>> capable to bypass the .htaccess by using --user-agent option and I
>> myself successfully downloaded some file and folders from the my own
>> site which I believe having a strong .htaccess to prevent curl and wget.
>>
>> So I'm looking a way to prevent my site to be grabbed. Could any one
>> suggest any measure in apache or .htaccess ?
>>
>> Eagerly waiting for your kind response.
>> Thanks
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org





**********************************************************************
Privileged/Confidential Information may be contained in this 
message. If you are not the addressee indicated in this 
message (or responsible for delivery of the message to such 
person), you must not copy, distribute or take any action in 
reliance to it.
In such case, you should destroy this message and kindly 
notify the sender by reply email. Please advise immediately 
if you or your employer do not consent to Internet email for 
messages of this kind. Opinions, conclusions and other 
information in this message that do not relate to the official 
business of Minorplanet Systems plc shall be understood as 
neither given nor endorsed by it. Minorplanet Systems plc, Registration no: 3372097
Minorplanet Limited, Registration no: 4072786
Greenwich House, 223 North Street, Leeds, LS7 2AA
VAT #: 698 1438 86
********************************************************************** 
 

Re: [users@httpd] How to prevent a site to be grabbed ?

[Krist van Besien <kr...@gmail.com>]

On Fri, Mar 27, 2009 at 3:00 PM, Mark H. Wood <mw...@iupui.edu> wrote:

> If you must control how the file is used, you must arrange that only
> software provided by you is able to make it usable, and that that
> software has only the functions you specify.  This reduces the problem
> from "impossible" to "impossible in the long term and monumentally
> difficult in the short".  History is replete with failed attempts.

As long as the image eventually must appear on a monitor you don't
control or the music must eventually come out of a set of loudpeakers
in a room owned by someone else you will not be able to stop copying.
It's that simple. No DRM will ever work.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to prevent a site to be grabbed ?

["Mark H. Wood" <mw...@IUPUI.Edu>]

Perhaps the closest analogy is with a document that must be shown to
someone (say, a secret agent) but which he may not copy or carry
away.  You wouldn't do this by mail, which is roughly what an HTTP
server represents.

The agent is put in a room.  An armed guard brings the document, waits
while it is read, then takes it away.  The agent is then allowed to
leave the room.  He will be searched before leaving the building.  In
short, you have to keep the protected document within an environment
you control.  Your user's browser is not such an environment and
*cannot* give you the assurance you seek.

If you must control how the file is used, you must arrange that only
software provided by you is able to make it usable, and that that
software has only the functions you specify.  This reduces the problem
from "impossible" to "impossible in the long term and monumentally
difficult in the short".  History is replete with failed attempts.

}set mode=soapbox{

This sort of solution is nearly equivalent to the other one (don't
serve the document at all), because hardly anyone will put up with
such an offensive, ungainly, and insecure (for him) process.  Unless
your documents are state secrets, you probably would be better off
thinking of another way.

Can't you just require an agreement before serving up the file, and
sue people who violate it until word gets around that you really mean
it?  Individual, on-the-fly watermarking sounds a whole lot simpler
than what is being proposed here.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Friends don't let friends publish revisable-form documents.

Re: [users@httpd] How to prevent a site to be grabbed ?

[Brian Mearns <me...@gmail.com>]

On Thu, Mar 26, 2009 at 2:41 PM, Octavian Râsnita <or...@gmail.com> wrote:
> Ok, and what happends if not a browser requests that mp3 file, but a custom
> made program that download all the files?
>
> Octavian
>
> ----- Original Message ----- From: "Jonathan Zuckerman"
> <j....@gmail.com>
> To: <us...@httpd.apache.org>
> Sent: Thursday, March 26, 2009 8:06 PM
> Subject: Re: [users@httpd] How to prevent a site to be grabbed ?
>
>
> Use a one-time pad.  Every URL to an mp3 is not an actual resource,
> it's a link that is generated when the user indicates a desire to
> download the mp3, and the mp3 is then copied from a protected place to
> a public place.  After that link is accessed one time, a script is run
> which outputs the mp3 as a file, then deletes the public mp3 and
> invalidates the link.  Hashing, cryptography, this is a classic
> computer science problem ;)
>
> On Thu, Mar 26, 2009 at 2:38 AM, Octavian Rasnita <or...@gmail.com>
> wrote:

Or what happens if the person who requested the one-time-valid URL
just uses their browser to save the file to disk.

As stated a few dozen times already on this thread: the only way to
prevent people from getting things off your server is to give them
access to it in the first place.

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to prevent a site to be grabbed ?

[Octavian Râsnita <or...@gmail.com>]

Ok, and what happends if not a browser requests that mp3 file, but a custom 
made program that download all the files?

Octavian

----- Original Message ----- 
From: "Jonathan Zuckerman" <j....@gmail.com>
To: <us...@httpd.apache.org>
Sent: Thursday, March 26, 2009 8:06 PM
Subject: Re: [users@httpd] How to prevent a site to be grabbed ?


Use a one-time pad.  Every URL to an mp3 is not an actual resource,
it's a link that is generated when the user indicates a desire to
download the mp3, and the mp3 is then copied from a protected place to
a public place.  After that link is accessed one time, a script is run
which outputs the mp3 as a file, then deletes the public mp3 and
invalidates the link.  Hashing, cryptography, this is a classic
computer science problem ;)

On Thu, Mar 26, 2009 at 2:38 AM, Octavian Rasnita <or...@gmail.com> 
wrote:
> Password-protect it, and don't give the password to anyone. :-)
>
> If someone sees a page from your site, that page was already downloaded to 
> the visitor's computer, and a visitor can create a program that download 
> all the pages which he can access using a browser.
>
> Octavian
>
> ----- Original Message -----
> From: "J. Bakshi" <jo...@infoservices.in>
> To: <us...@httpd.apache.org>
> Sent: Thursday, March 26, 2009 10:57 AM
> Subject: [users@httpd] How to prevent a site to be grabbed ?
>
>
>> Hello,
>>
>> This is a very worried continuation of my previous mail "how to prevent
>> mp3 downloading ?"
>> André Warnier has already opened my eyes that wget and curl are quite
>> capable to bypass the .htaccess by using --user-agent option and I
>> myself successfully downloaded some file and folders from the my own
>> site which I believe having a strong .htaccess to prevent curl and wget.
>>
>> So I'm looking a way to prevent my site to be grabbed. Could any one
>> suggest any measure in apache or .htaccess ?
>>
>> Eagerly waiting for your kind response.
>> Thanks
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to prevent a site to be grabbed ?

[Jonathan Zuckerman <j....@gmail.com>]

Use a one-time pad.  Every URL to an mp3 is not an actual resource,
it's a link that is generated when the user indicates a desire to
download the mp3, and the mp3 is then copied from a protected place to
a public place.  After that link is accessed one time, a script is run
which outputs the mp3 as a file, then deletes the public mp3 and
invalidates the link.  Hashing, cryptography, this is a classic
computer science problem ;)

On Thu, Mar 26, 2009 at 2:38 AM, Octavian Rasnita <or...@gmail.com> wrote:
> Password-protect it, and don't give the password to anyone. :-)
>
> If someone sees a page from your site, that page was already downloaded to the visitor's computer, and a visitor can create a program that download all the pages which he can access using a browser.
>
> Octavian
>
> ----- Original Message -----
> From: "J. Bakshi" <jo...@infoservices.in>
> To: <us...@httpd.apache.org>
> Sent: Thursday, March 26, 2009 10:57 AM
> Subject: [users@httpd] How to prevent a site to be grabbed ?
>
>
>> Hello,
>>
>> This is a very worried continuation of my previous mail "how to prevent
>> mp3 downloading ?"
>> André Warnier has already opened my eyes that wget and curl are quite
>> capable to bypass the .htaccess by using --user-agent option and I
>> myself successfully downloaded some file and folders from the my own
>> site which I believe having a strong .htaccess to prevent curl and wget.
>>
>> So I'm looking a way to prevent my site to be grabbed. Could any one
>> suggest any measure in apache or .htaccess ?
>>
>> Eagerly waiting for your kind response.
>> Thanks
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How to prevent a site to be grabbed ?

[Octavian Rasnita <or...@gmail.com>]

Password-protect it, and don't give the password to anyone. :-)

If someone sees a page from your site, that page was already downloaded to the visitor's computer, and a visitor can create a program that download all the pages which he can access using a browser.

Octavian

----- Original Message ----- 
From: "J. Bakshi" <jo...@infoservices.in>
To: <us...@httpd.apache.org>
Sent: Thursday, March 26, 2009 10:57 AM
Subject: [users@httpd] How to prevent a site to be grabbed ?


> Hello,
> 
> This is a very worried continuation of my previous mail "how to prevent
> mp3 downloading ?"
> André Warnier has already opened my eyes that wget and curl are quite
> capable to bypass the .htaccess by using --user-agent option and I
> myself successfully downloaded some file and folders from the my own
> site which I believe having a strong .htaccess to prevent curl and wget.
> 
> So I'm looking a way to prevent my site to be grabbed. Could any one
> suggest any measure in apache or .htaccess ?
> 
> Eagerly waiting for your kind response.
> Thanks
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org