httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Crawford <rcrawf...@unexmail.ucdavis.edu>
Subject [users@httpd] Restricting page access
Date Wed, 09 Mar 2005 22:54:54 GMT
I'm still working on the problem of delivering those huge PDF files.  In 
the meantime, I was also asked to prevent those files from being 
displayed unless the link to them was clicked on; in other words, I want 
to prevent users from being able to display a file by typing the URL 
directly into their browser.  Normally I'd use basic authentication in 
an .htaccess file, but in this setting that is inappropriate.  I tried 
adapting the solution from the _Apache Cookbook_ that prevents linking 
of local images by remote sites, but that didn't seem to do the trick.

Here is the .htaccess file that I created:

<FilesMatch "\.pdf$">
SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
Order Deny,Allow
Allow from env=local_referer
</FilesMatch>

This doesn't prevent a pdf file from being delivered if the user types 
in the URL directly.



-- 
Richard S. Crawford
Programmer III
UC Davis Extension Distance Education Group (http://unexdlc.ucdavis.edu)
2901 K Street, Suite 200C
Sacramento, CA  95816
(916)327-7793


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message