httpd-users mailing list archives

From "yc lim" <meepok...@hotmail.com>
Subject RE: [users@httpd] Unable to relative link outside root directory
Date Thu, 29 Jul 2004 16:58:35 GMT
nope....I tried and it didn't work.

or did I miss out something?

yc

>From: "Boyle Owen" <Owen.Boyle@swx.com>
>Reply-To: users@httpd.apache.org
>To: <users@httpd.apache.org>
>Subject: RE: [users@httpd] Unable to relative link outside root directory
>Date: Thu, 29 Jul 2004 14:46:58 +0200
>
>
>
> > -----Original Message-----
> > From: yc lim [mailto:meepokman@hotmail.com]
> > Sent: Donnerstag, 29. Juli 2004 12:29
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Unable to relative link outside root
> > directory
> >
> >
> > >From: Eimantas Vaiciunas <eimantas.vaiciunas@sc.vu.lt>
> > >Reply-To: eimantas.vaiciunas@sc.vu.lt
> > >To: users@httpd.apache.org
> > >Subject: Re: [users@httpd] Unable to relative link outside
> > root directory
> > >Date: Thu, 29 Jul 2004 12:17:42 +0200
> > >
> > >On Thursday 29 July 2004 12:01, yc lim wrote:
> > > > >   Case 1: if I have the image folder within the root directory
> > > > > /var/www/html/websiteroot/image/
> > > > >
> > > > >   No matter how many image protect measures / scripts I implement,
> > > > > people will still be able to view my image by entering the URL of the
> > > > > image directly (i.e. www.example.com/image/1.jpeg)
> > > > >
> > > > >   Case 2: I decided that to prevent people from being able to access the
> > > > > image directly via URL, I place the image file outside the root document.
> > > > > This way, no one can access the folder at all except the server.
> > > > >
> > > > >   Case 3: Using alias as suggested, gives the similar effect as having the
> > > > > image directory in the root folder. I can always access the image directory
> > > > > (i.e. www.example.com/images/1.jpeg)
> > > > >
> > > > >   Nevertheless, I did learn something new. Hope someone can enlighten me :)
> > >I think this should do:
> > >
> > >SetEnvIf Referer "^http://your.domain.com/" local_referal
> > >SetEnvIf Referer "^$" local_referal
> > ><Directory /var/www/html/images>
> > >    Order Deny,Allow
> > >    Deny from all
> > >    Allow from env=local_referal
> > ></Directory>
> > >
> > >This example was taken from apache documentation
> > >(http://httpd.apache.org/docs/env.html#examples)
> >
> >This just prevents hot-linking. What I'm concerned about is leeching.
>
>Please define both terms and what you think is the difference...
>
> >
> >What I want to prevent is people accessing the image directly,
> >even thru my own website:
> >
> >i.e. when url = http://www.example.com/image/1.jpeg, apache will return an
> >error.
>
>If you implement the method described by Eimantas this is what will
>happen - did you try it?
>
> >The only way the user can see the image is when thru the webpage
> >whereby the image is embedded in.
> >
> >*I can still see & save the image by entering the url directly
> >http://www.example.com/image/1.jpeg.
>
>If you still see it then you must not have implemented the method
>correctly. The server will refuse to deliver the content to clients
>which do not present the correct Referer header in the request.
>
>Conversely, if the client presents a valid Referer, your server *must*
>deliver it. You can't simultaneously allow and deny access...
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored.
>
> >
>yc
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server
>Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
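
A model of how the quoted SetEnvIf and Order Deny,Allow rules decide three kinds of request, added here as an illustration and not part of the original thread. The sample requests, the gallery.html page name and the variant without the "^$" rule are constructed assumptions; the model relies on mod_setenvif matching an absent header as the empty string.

```python
import re

# The two SetEnvIf rules quoted in the thread: (header, regex, env var).
RULES_AS_POSTED = [
    ("Referer", r"^http://your.domain.com/", "local_referal"),
    ("Referer", r"^$", "local_referal"),
]
# Variant (assumption, for comparison): the empty-Referer rule removed.
RULES_NO_EMPTY = RULES_AS_POSTED[:1]


def set_env(headers, rules):
    """Model SetEnvIf: an absent header is matched as the empty string."""
    env = set()
    for header, pattern, var in rules:
        value = headers.get(header, "")
        if re.search(pattern, value):
            env.add(var)
    return env


def status(headers, rules, allow_env="local_referal"):
    """Model 'Order Deny,Allow' + 'Deny from all' + 'Allow from env=...'."""
    # Deny from all applies first; the Allow line overrides it only when
    # the environment variable was set for this request.
    return 200 if allow_env in set_env(headers, rules) else 403


# Constructed sample requests for an image under the protected directory.
REQUESTS = {
    "embedded in own page": {"Referer": "http://your.domain.com/gallery.html"},
    "URL typed directly": {},  # browser sends no Referer header
    "hot-linked from other site": {"Referer": "http://other.example/page.html"},
}


def decide_all(rules):
    """Return the HTTP status each sample request would receive."""
    return {name: status(hdrs, rules) for name, hdrs in REQUESTS.items()}


if __name__ == "__main__":
    for label, rules in (("as posted", RULES_AS_POSTED),
                         ("without ^$ rule", RULES_NO_EMPTY)):
        print(label, decide_all(rules))
```

With the rules as posted, a directly typed URL carries no Referer and is admitted by the "^$" rule; without that rule it gets 403, but so does an embedded image requested by a browser or proxy that omits Referer. The header is supplied by the client, so either form deters hot-linking rather than controlling access.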