In my application, i am redirecting my control to a html file using response.sendRedirect(). Once this is done, that html file is freely accessible even if the url is copy-pasted into other browser. Is there any way that we can find out if client is trying to access that file directly. I cannot put file inside web-inf,because response.sendRedirect() is not authorised to redirect control to files inside web-inf. Any suggestions.