This week's book giveaway is in the OCAJP forum.
We're giving away four copies of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) and have Khalid A Mughal & Rolf W Rasmussen on-line!
See this thread for details.
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Apache httpd : Restrict access to files when accessed via the absolute url

 
Chetan Parekh
Ranch Hand
Posts: 3640
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an image file named myimage.bmp and I want that this file should be viewable within the site but shouldn't be viewable when a user type in the full url in the browser (http://www.mysite.com/static/images/myimage.bmp).

We have Tomcat to server dynamic contents and Apache to server static contents. All images resides on Apache server and it forward request to Tomcat for dynamic contents.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sounds like the server should be looking at the REFERER header, and only serve the image if it's from the correct site(s). That header isn't sent when the image URL is typed into the browser.
 
Chetan Parekh
Ranch Hand
Posts: 3640
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ulf Dittmer for reply.

I proposed this solutions but it was rejected as having value for REFERER is optional as per the HTML specification. (http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14).

By googling I reached to a suggestion to use cookies for this matter and I am working on this part. (http://www.webmasterworld.com/apache/3790319.htm).

I am exploring other possibilities also. Do you have any in your mind?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic