httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saqib.N....@seagate.com
Subject Re: [users@httpd] Hide the URL when Downloading a File
Date Sun, 27 Oct 2002 02:10:18 GMT

> Not really - it is not difficult at all to add an appropriate Referer
> header to a request.  The 'wget' command, for example, has an option to

Hi Zac,
I understand that there are ways to get around it. However this is the best
I have found to prevent deep-linking. I have some sensitive content on of
our web-servers, which I need to prevent other sites from directly linking.
I can not passwd protect them either (application requirements). So I have
to use HTTP_REFERER.

Does anyone have any better suggestions to prevent deep-linking (direct
linking from other sites)? I am always willing to improve my application
server. Thanks.

In Peace,
Saqib Ali
http://www.sc-icc.org:8080/cocoon/mount/docbook/

"I fear, if I rebel against my Lord, the retribution of an Awful Day (The
Day of Resurrection)" Al-Quran 6:15




                                                                                         
                                 
                    Zac Stevens                                                          
                                 
                    <zts@cryptocr        To:     users@httpd.apache.org               
                                    
                    acy.com>             cc:                                          
                                    
                    No Phone Info        Subject:     Re: [users@httpd] Hide the URL when
Downloading a File               
                    Available                                                            
                                 
                                                                                         
                                 
                    10/26/2002                                                           
                                 
                    06:37 PM                                                             
                                 
                    Please                                                               
                                 
                    respond to                                                           
                                 
                    users                                                                
                                 
                                                                                         
                                 
                                                                                         
                                 




On Sat, Oct 26, 2002 at 04:31:49PM -0700, Saqib.N.Ali@seagate.com wrote:
> One of the way to fix this problem, is to use mod_rewrite and
HTTP_REFERER
> var.

Not really - it is not difficult at all to add an appropriate Referer
header to a request.  The 'wget' command, for example, has an option to
supply a specified referer.  While checking the referer goes a long way
towards preventing deep-linking to resources on your site, it does little
to stop a single client systematically downloading those same resources.


Zac

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message