Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 94478 invoked from network); 16 Sep 2004 18:40:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 16 Sep 2004 18:40:29 -0000 Received: (qmail 64985 invoked by uid 500); 16 Sep 2004 18:39:22 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 64908 invoked by uid 500); 16 Sep 2004 18:39:21 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 64808 invoked by uid 99); 16 Sep 2004 18:39:20 -0000 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=PLING_QUERY,RCVD_BY_IP,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: domain of jslive@gmail.com designates 64.233.170.192 as permitted sender) Received: from [64.233.170.192] (HELO mproxy.gmail.com) (64.233.170.192) by apache.org (qpsmtpd/0.28) with ESMTP; Thu, 16 Sep 2004 11:39:19 -0700 Received: by mproxy.gmail.com with SMTP id 77so496941rnl for ; Thu, 16 Sep 2004 11:39:09 -0700 (PDT) Received: by 10.38.74.77 with SMTP id w77mr1745020rna; Thu, 16 Sep 2004 11:39:09 -0700 (PDT) Received: by 10.38.78.16 with HTTP; Thu, 16 Sep 2004 11:39:09 -0700 (PDT) Message-ID: Date: Thu, 16 Sep 2004 14:39:09 -0400 From: Joshua Slive Reply-To: Joshua Slive To: users@httpd.apache.org, Haywood Jaablowme In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: X-Virus-Checked: Checked Subject: Re: [users@httpd] How to restrict access??! X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N On Thu, 16 Sep 2004 11:48:06 -0500, Haywood Jaablowme wrote: > I'm trying to restrict access to certain subfolders, but its not > working correctly for me. > What am I doing wrong? I am using apache 2.0.51 on WinXP SP2. > > I'm trying to get it so that when a visitor goes to blog.domain.com/index.php, > the page correctly displays images and other include files used. > But if the visitor directs their browser to blog.domain.com/images/image.gif > or blog.domain.com/inc/inc.php - it should not let them access the file(s). Note that what you want can't be done in a 100% effictive way, because each request looks independent to the server. Apache can't tell if an image is accessed directly or embedded in a page. But there is a commonly-used technique that is somewhat effective: check the Referer HTTP header. See the "prevent image theft" example: http://httpd.apache.org/docs-2.0/env.html#examples Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org