Win a copy of Modern JavaScript for the Impatient this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Apache httpd : Restrict access to files when accessed via the absolute url

 
Ranch Hand
Posts: 3640
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an image file named myimage.bmp and I want that this file should be viewable within the site but shouldn't be viewable when a user type in the full url in the browser (http://www.mysite.com/static/images/myimage.bmp).

We have Tomcat to server dynamic contents and Apache to server static contents. All images resides on Apache server and it forward request to Tomcat for dynamic contents.
 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sounds like the server should be looking at the REFERER header, and only serve the image if it's from the correct site(s). That header isn't sent when the image URL is typed into the browser.
 
Chetan Parekh
Ranch Hand
Posts: 3640
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ulf Dittmer for reply.

I proposed this solutions but it was rejected as having value for REFERER is optional as per the HTML specification. (http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14).

By googling I reached to a suggestion to use cookies for this matter and I am working on this part. (http://www.webmasterworld.com/apache/3790319.htm).

I am exploring other possibilities also. Do you have any in your mind?
 
I can't renounce my name. It's on all my stationery! And hinted in this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic