httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From PMilan...@nypl.org
Subject RE: [users@httpd] Restricting page access
Date Thu, 10 Mar 2005 19:12:31 GMT
This is not safe anyhow. Many browsers/users have the ability to fake the
referrer, or leave it out. This means that if those users try to access
your site, they will have a problem. It is not problem free, even if you
get it working. 

> -----Original Message-----
> From: rcrawford@unexmail.ucdavis.edu
> [mailto:rcrawford@unexmail.ucdavis.edu]
> Sent: Thursday, March 10, 2005 1:12 PM
> To: sitz@onastick.net
> Cc: users@httpd.apache.org
> Subject: Re: [users@httpd] Restricting page access
> 
> Noah wrote:
> > On Wed, Mar 09, 2005 at 02:54:54PM -0800, Richard Crawford wrote:
> >
> >>I tried adapting the solution from the _Apache Cookbook_ that prevents
> linking
> >>of local images by remote sites, but that didn't seem to do the trick.
> >>
> >>Here is the .htaccess file that I created:
> >>
> >><FilesMatch "\.pdf$">
> >>SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
> >>Order Deny,Allow
> >>Allow from env=local_referer
> >></FilesMatch>
> >
> >
> > You don't specify a Deny directive here:
> >
> > <FilesMatch "\.pdf$">
> > SetEnvNoCase Referer "^http://outsite.edu" local_referer=1
> > Order deny,allow
> > Deny from all
> > Allow from env=local_referer
> > </FilesMatch>
> 
> Thanks for the tip.
> 
> It's still not working, but I think I know why; it has to do with the
> JRun configuration, and not Apache.
> 
> --
> Richard S. Crawford
> Programmer III
> UC Davis Extension Distance Education Group (http://unexdlc.ucdavis.edu)
> 2901 K Street, Suite 200C
> Sacramento, CA  95816
> (916)327-7793
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message