httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] How to restrict access??!
Date Thu, 16 Sep 2004 18:39:09 GMT
On Thu, 16 Sep 2004 11:48:06 -0500, Haywood Jaablowme
<haywood.jaablowme@gmail.com> wrote:
> I'm trying to restrict access to certain subfolders, but its not
> working correctly for me.
> What am I doing wrong?  I am using apache 2.0.51 on WinXP SP2.
> 
> I'm trying to get it so that when a visitor goes to blog.domain.com/index.php,
> the page correctly displays images and other include files used.
> But if the visitor directs their browser to blog.domain.com/images/image.gif
> or blog.domain.com/inc/inc.php - it should not let them access the file(s).

Note that what you want can't be done in a 100% effictive way, because
each request looks independent to the server.  Apache can't tell if an
image is accessed directly or embedded in a page.

But there is a commonly-used technique that is somewhat effective:
check the Referer HTTP header.  See the "prevent image theft" example:
http://httpd.apache.org/docs-2.0/env.html#examples

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message