File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Apache httpd : Restrict access to files when accessed via the absolute url

 
Chetan Parekh
Ranch Hand
Posts: 3640
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an image file named myimage.bmp and I want that this file should be viewable within the site but shouldn't be viewable when a user type in the full url in the browser (http://www.mysite.com/static/images/myimage.bmp).

We have Tomcat to server dynamic contents and Apache to server static contents. All images resides on Apache server and it forward request to Tomcat for dynamic contents.
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sounds like the server should be looking at the REFERER header, and only serve the image if it's from the correct site(s). That header isn't sent when the image URL is typed into the browser.
 
Chetan Parekh
Ranch Hand
Posts: 3640
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ulf Dittmer for reply.

I proposed this solutions but it was rejected as having value for REFERER is optional as per the HTML specification. (http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14).

By googling I reached to a suggestion to use cookies for this matter and I am working on this part. (http://www.webmasterworld.com/apache/3790319.htm).

I am exploring other possibilities also. Do you have any in your mind?
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic