tomcat-users mailing list archives

From "G. Wade Johnson" <wade.john...@abbnm.com>
Subject Re: Urgent : Can we restrict access to a directory in tomcat
Date Mon, 09 Jun 2003 13:50:50 GMT
Unfortunately, this doesn't always work.

In the past, I've had problems with IE not sending the Referer header
on some requests.<shrug/>

G. Wade

Tom Oinn wrote:
> 
> The other way to do it would be to check the referer page, this seems to
> be quite a common trick and will confound most people trying to link
> directly to your images (which is what I imagine you're trying to
> prevent). There may be a more elegant way of doing it, but you could
> create a servlet that is mapped to your /images mount point which
> inspects the referer field in the request and, assuming it is valid,
> returns the appropriate content from a directory outside of your web
> application. As all requests would go through the servlet you have
> access control.
> 
> Tom
> 
> Shapira, Yoav wrote:
> > Howdy,
> > That one's tricky (and strange).  When you have a servlet or JSP, the
> > output the user sees is HTML.  In HTML, you have <img> tags.  The
> > browser will request those images normally in HTTP requests.  So from
> > the server's perspective, the request is the same whether the user types
> > in the image URL or you embed it in one of your pages.
> >
> > Would something like using a mangled images directory name ($KF_%# or
> > something) be sufficient?  A name that's hard for users to guess and use
> > directly?
> >
> > Yoav Shapira
> > Millennium ChemInformatics
> >
> >
> >
> >>-----Original Message-----
> >>From: Syed Nayyer Kamran [mailto:snayyer@wol.net.pk]
> >>Sent: Monday, June 09, 2003 9:33 PM
> >>To: tomcat-user@jakarta.apache.org
> >>Subject: Urgent : Can we restrict access to a directory in tomcat
> >>
> >>hi there,
> >>
> >>I want to restrict the user to access the images directly through the web.
> >>They should be able to access these images through web pages developed as
> >>jsp/servlet but should not be able to access these images displayed on page
> >>by copying the image url to the address bar. Does Tomcat directly support
> >>this functionality, or is there any other solution?
> >>
> >>Thanks in advance for any solution of the problem.
> >>
> >>
> >>Nayyer Kamran
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
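
The Referer-checking servlet Tom Oinn describes, with an explicit policy for the missing-header case G. Wade Johnson reports, as an added example that is not part of the original thread. The class name, `IMAGE_ROOT`, `ALLOWED_HOST`, `ALLOW_MISSING_REFERER` and the `javax.servlet` namespace are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.*;

// Added example: map to /images/* in web.xml. Constants below are assumptions.
public class ImageGateServlet extends HttpServlet {
    // Hypothetical directory outside the web application.
    private static final Path IMAGE_ROOT = Paths.get("/var/data/site-images");
    // Hypothetical host whose pages may embed the images.
    private static final String ALLOWED_HOST = "www.example.com";
    // Policy for requests that carry no Referer header at all.
    private static final boolean ALLOW_MISSING_REFERER = false;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        if (!refererAllowed(req.getHeader("Referer"))) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        Path file = resolve(req.getPathInfo());
        if (file == null || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String type = getServletContext().getMimeType(file.getFileName().toString());
        resp.setContentType(type != null ? type : "application/octet-stream");
        Files.copy(file, resp.getOutputStream());
    }

    // Compare the parsed host exactly; a substring match on the header
    // would also accept unrelated URLs that merely contain the host name.
    static boolean refererAllowed(String referer) {
        if (referer == null || referer.isEmpty()) return ALLOW_MISSING_REFERER;
        try {
            return ALLOWED_HOST.equalsIgnoreCase(URI.create(referer).getHost());
        } catch (IllegalArgumentException e) { return false; } // malformed header
    }

    // Map "/logo.png" to a file under IMAGE_ROOT; null if it escapes (../).
    static Path resolve(String pathInfo) {
        if (pathInfo == null || pathInfo.length() < 2) return null;
        try {
            Path p = IMAGE_ROOT.resolve(pathInfo.substring(1)).normalize();
            return p.startsWith(IMAGE_ROOT) ? p : null;
        } catch (IllegalArgumentException e) { return null; } // invalid path
    }
}
```

With `ALLOW_MISSING_REFERER` set to `false`, clients that omit the header get a 403 even when the image is embedded in one of the site's own pages; setting it to `true` lets a pasted URL through. The Referer value is supplied by the client, so this check deters casual hotlinking rather than enforcing access control.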

