Re: avoid user direct accec *.html

[Bart-Jan Vrielink <bartjan@vrielink.net>]

On Mon, 2002-04-29 at 20:12, Patrick Hsieh wrote:

> If I want to avoid user to directly access my .html files, say type the
> complete url in the browser, is it possible?
> 
> In PHP, I can check the HTTP_REFERER to make sure connections originates
> from the same website. If the HTTP_REFERER is empty or not belongs to
> the same website, I can redirect the client to another webpage. However,
> when it comes to static .html or even .jpg files, is it possible to
> configure apache to avoid that situation?

We use mod_rewrite to block external websites from directly linking to
images on one of our websites.
Based on the situation, we either return a 403 Forbidden code or provide
a watermarked version of the requested image.

Please keep in mind the advice given by others on this list that you
can't thrust user-supplied data. You can't use HTTP_REFERER to protect
your data, but it's a great tool to stop external websites from stealing
your bandwidth.

-- 
Tot ziens,

Bart-Jan


-- 
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org