This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Other Java Products and Servers and the fly likes Apache httpd : Restrict access to files when accessed via the absolute url Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Products » Other Java Products and Servers
Bookmark "Apache httpd : Restrict access to files when accessed via the absolute url " Watch "Apache httpd : Restrict access to files when accessed via the absolute url " New topic
Author

Apache httpd : Restrict access to files when accessed via the absolute url

Chetan Parekh
Ranch Hand

Joined: Sep 16, 2004
Posts: 3640
I have an image file named myimage.bmp and I want that this file should be viewable within the site but shouldn't be viewable when a user type in the full url in the browser (http://www.mysite.com/static/images/myimage.bmp).

We have Tomcat to server dynamic contents and Apache to server static contents. All images resides on Apache server and it forward request to Tomcat for dynamic contents.

My blood is tested +ve for Java.
Ulf Dittmer
Rancher

Joined: Mar 22, 2005
Posts: 42958
    
  73
Sounds like the server should be looking at the REFERER header, and only serve the image if it's from the correct site(s). That header isn't sent when the image URL is typed into the browser.
Chetan Parekh
Ranch Hand

Joined: Sep 16, 2004
Posts: 3640
Thanks Ulf Dittmer for reply.

I proposed this solutions but it was rejected as having value for REFERER is optional as per the HTML specification. (http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14).

By googling I reached to a suggestion to use cookies for this matter and I am working on this part. (http://www.webmasterworld.com/apache/3790319.htm).

I am exploring other possibilities also. Do you have any in your mind?
 
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
 
subject: Apache httpd : Restrict access to files when accessed via the absolute url
 
It's not a secret anymore!