httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <>
Subject Re: More about FAQs
Date Thu, 13 Jun 2002 03:15:15 GMT
On Fri, 7 Jun 2002, Rich Bowen wrote:

> On Fri, 7 Jun 2002, Rodent of Unusual Size wrote:
> > Acked, but I won't be able to get to it for quite a while.  Anyone else
> > want to take this one?
> I have a few things that I wanted to add to the FAQ, so I'll take this,
> unless someone beats me to it.

OK, I've added it.

The FAQ that I wanted to add goes something like this:

Q: How do I deny access to images if they are not inline in one of my

A. This can be accomplished with a combination of SetEnvIf and the Deny
and Allow directives. However, it is important to understand that any access
restriction based on the REFERER header is intrinsically problematic due
to the fact that browsers can send an incorrect REFERER, either because
they want to circumvent your restriction, or simply because they don't
sent the right thing.

The following configuration will produce the desired effect, if the
browser passes correct REFERER headers.

SetEnvIf REFERER www\.mydomain\.com linked_from_here

<Directory /www/images>
    Order deny,allow
    Deny from all
    Allow from env=linked_from_here


Any objection to this FAQ?

Rich Bowen -
As we trace our own few circles around the sun
We get it backwards and our seven years go by like one
	Dog Years (Rush - Test for Echo - 1999)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message