httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saqib.N....@seagate.com
Subject Re: [users@httpd] Hide the URL when Downloading a File
Date Sat, 26 Oct 2002 22:01:07 GMT

Hi Mary,
I think what you want to do is prevent people from directly linking to the
PDF files.

You can either do it on the web server level, or on the server-side
scripting level (e.g. PHP or JSP).

All you have to do is check for the referer VARIABLE.

--- Server Level:
If you want to do it on the server level, you will have to use
"mod_rewrite" module and HTTP_REFERER variable. There is a good example @
http://httpd.apache.org/docs/misc/rewriteguide.html  under the section
titled "Blocked Inline-Images". You will have slightly modify it to match
your file types.

--- Sever-based scriptting level:
Here is some sample PHP code
$referer = $HTTP_REFERER;
if($referer) {
     if (ereg("http://testbrass.web.boeing/download/", $referer))
     {
          header("Location:
http://testbrass.web.boeing/download/test.pdf");
     }
     else {
          header("Location: http://some_other.url");
     }
}
else {
header("Location: http://some_other.url");

I hope this helps.

In Peace,
Saqib Ali
http://www.sc-icc.org:8080/cocoon/mount/docbook/

"I fear, if I rebel against my Lord, the retribution of an Awful Day (The
Day of Resurrection)" Al-Quran 6:15

               (Embedded image moved to file: pic30714.jpg)


                                                                                         
                                  
                    "Wang, Mary Y"                                                       
                                  
                    <mary.y.wang@b        To:     "'users@httpd.apache.org'" <users@httpd.apache.org>
                      
                    oeing.com>            cc:                                         
                                     
                    No Phone Info         Subject:     [users@httpd] Hide the URL when Downloading
a File                   
                    Available                                                            
                                  
                                                                                         
                                  
                    10/25/2002                                                           
                                  
                    03:54 PM                                                             
                                  
                    Please respond                                                       
                                  
                    to users                                                             
                                  
                                                                                         
                                  
                                                                                         
                                  




Hi Everyone,
I have been thinking about this problem for a while, but no solution at
this
point.  I need your help!
I have some files located in a directory on the server for downloading.  I
can't really protect the directory because the user and
group id are all defaulted to "apache".

When the user is downloading a file, a href is point to the URL, it would
grab the file from http://testbrass.web.boeing/download/test.pdf.
The problem is that all my security check is done thru .php file.  On the
browser, it would show the URL as above, and
any unauthorized users could just copy that URL and get that file.  I don't
want to set up the .htaccess thing right now for my own reasons.  My
question is that
is there any way I can disguise this URL to some garbled URL, so that http
clients CAN'T see the URL and only server code
can process the correct URL?  Can I configure this in httpd.conf?

Thanks for any input!



Mary
(562) 797-1545


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



Mime
View raw message