Re: avoid user direct accec *.html
On Mon, 2002-04-29 at 20:12, Patrick Hsieh wrote:
> If I want to avoid user to directly access my .html files, say type the
> complete url in the browser, is it possible?
> In PHP, I can check the HTTP_REFERER to make sure connections originates
> from the same website. If the HTTP_REFERER is empty or not belongs to
> the same website, I can redirect the client to another webpage. However,
> when it comes to static .html or even .jpg files, is it possible to
> configure apache to avoid that situation?
We use mod_rewrite to block external websites from directly linking to
images on one of our websites.
Based on the situation, we either return a 403 Forbidden code or provide
a watermarked version of the requested image.
Please keep in mind the advice given by others on this list that you
can't thrust user-supplied data. You can't use HTTP_REFERER to protect
your data, but it's a great tool to stop external websites from stealing
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org