aspose file tools*
The moose likes Other Java Products and Servers and the fly likes Apache httpd : Restrict access to files when accessed via the absolute url Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Other Java Products and Servers
Bookmark "Apache httpd : Restrict access to files when accessed via the absolute url " Watch "Apache httpd : Restrict access to files when accessed via the absolute url " New topic
Author

Apache httpd : Restrict access to files when accessed via the absolute url

Chetan Parekh
Ranch Hand

Joined: Sep 16, 2004
Posts: 3636
I have an image file named myimage.bmp and I want that this file should be viewable within the site but shouldn't be viewable when a user type in the full url in the browser (http://www.mysite.com/static/images/myimage.bmp).

We have Tomcat to server dynamic contents and Apache to server static contents. All images resides on Apache server and it forward request to Tomcat for dynamic contents.

My blood is tested +ve for Java.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42612
    
  65
Sounds like the server should be looking at the REFERER header, and only serve the image if it's from the correct site(s). That header isn't sent when the image URL is typed into the browser.


Ping & DNS - my free Android networking tools app
Chetan Parekh
Ranch Hand

Joined: Sep 16, 2004
Posts: 3636
Thanks Ulf Dittmer for reply.

I proposed this solutions but it was rejected as having value for REFERER is optional as per the HTML specification. (http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14).

By googling I reached to a suggestion to use cookies for this matter and I am working on this part. (http://www.webmasterworld.com/apache/3790319.htm).

I am exploring other possibilities also. Do you have any in your mind?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Apache httpd : Restrict access to files when accessed via the absolute url