You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by System <sy...@eluminoustechnologies.com> on 2003/04/24 21:41:59 UTC

[users@httpd] Securing Images!!

Hello,

My intentions are to secure images from being accessed directly from the url
or to disable hotlinking.
What i want is images should be accessible only through scripts!!! Is it
possible???

I know .htaccess is the solution for it but for some reasons i don't want to
use .htaccess Authentication. So do i have another options like securing the
Images without .htaccess or May be i can put them outside the document root.
if so can u guys put be on a correct path or let me know where can i found
one!!!!


Any help would be appreciated!!!

Regards,
Tina



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Securing Images!!

Posted by Joshua Slive <jo...@slive.ca>.

On Fri, 25 Apr 2003, System wrote:
> RewriteCond %{HTTP_REFERER} !^$

> I restarted apache but still dosen't work!!! I can access the Image directly
> through the Browser!!!
> Where should i put the ReWrite Statements???

The line quoted above says to allow through blank referers (as is the case
when you type the address in the URL bar).  Without that line, you will
block any browser that has disabled the Referer header.

There is no perfect way to do what you want.  It is relatively easy to
prevent other sites from in-lining your images, but it is almost
impossible to prevent people from directly accessing your images.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Securing Images!!

Posted by System <sy...@eluminoustechnologies.com>.


> Hello,
Replying My Own!!
>
> My intentions are to secure images from being accessed directly from the
url
> or to disable hotlinking.
> What i want is images should be accessible only through scripts!!! Is it
> possible???

Yes it is mod_ReWrite!!!

<VirtualHost 192.168.1.101>
ServerAlias www.myoffice.com myoffice.com
ServerAdmin webmaster@myoffice.com
DocumentRoot /home/myadmin/public_html
User myadmin
Group myadmin
ServerName www.myoffice.com
ScriptAlias /cgi-bin/ /home/myadmin/public_html/cgi-bin/
Rewriteengine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$ - [F]
</VirtualHost>

I restarted apache but still dosen't work!!! I can access the Image directly
through the Browser!!!
Where should i put the ReWrite Statements???

I am on Redhat 7.2/Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4
OpenSSL/0.9.6b DAV/1.0.2 PHP/4.0.6 mod_perl/1.24_01
LoadModule rewrite_module     modules/mod_rewrite.so
AddModule mod_rewrite.c

m' I doing something wrong here!!!

 So do i have another options like putting them outside the document root.
 if so can u guys put be on a correct path or let me know where can i found
 one!!!!

 Any help would be appreciated!!!

 Regards,
 Tina




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Securing Images!!

Posted by System <sy...@eluminoustechnologies.com>.

Hello All,

I am using following conf. in my httpd.conf to disable direct acces to
images (eg. http://mydomain.com/images/logo.gif) this works fine. But when I
use the image in html (eg. http://mydomain.com/images/test.html.)  the image
is not been displayed. What's wrong can
onyone help me please.

SetEnvIfNoCase Referer "^[url]http://myoffice\.com/[/url](.*)" my_site
<Directory "/home/myadmin/public_html/images">
Options -Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from env=my_site
</Directory>

Thank you,

Tina...


----- Original Message -----
From: "Mike" <mi...@levrah.net>
To: <us...@httpd.apache.org>
Sent: Friday, April 25, 2003 3:03 AM
Subject: Re: [users@httpd] Securing Images!!


> Tina.
>
> This may or may not help resolve your specific problem, but it might:
>
> http://www.levrah.net/support.mv?resw=+type=faq_hosting#13
>
> Hope it helps.
> -mike
>
> At 02:41 PM 4/24/2003, you wrote:
> >Hello,
> >
> >My intentions are to secure images from being accessed directly from the
url
> >or to disable hotlinking.
> >What i want is images should be accessible only through scripts!!! Is it
> >possible???
> >
> >I know .htaccess is the solution for it but for some reasons i don't want
to
> >use .htaccess Authentication. So do i have another options like securing
the
> >Images without .htaccess or May be i can put them outside the document
root.
> >if so can u guys put be on a correct path or let me know where can i
found
> >one!!!!
> >
> >
> >Any help would be appreciated!!!
> >
> >Regards,
> >Tina
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Securing Images!!

Posted by Mike <mi...@levrah.net>.

Tina.

This may or may not help resolve your specific problem, but it might:

http://www.levrah.net/support.mv?resw=+type=faq_hosting#13

Hope it helps.
-mike

At 02:41 PM 4/24/2003, you wrote:
>Hello,
>
>My intentions are to secure images from being accessed directly from the url
>or to disable hotlinking.
>What i want is images should be accessible only through scripts!!! Is it
>possible???
>
>I know .htaccess is the solution for it but for some reasons i don't want to
>use .htaccess Authentication. So do i have another options like securing the
>Images without .htaccess or May be i can put them outside the document root.
>if so can u guys put be on a correct path or let me know where can i found
>one!!!!
>
>
>Any help would be appreciated!!!
>
>Regards,
>Tina


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org