[nycbug-talk] direct file access denied via htaccess
George Georgalis
george
Thu Jun 16 00:51:08 EDT 2005
On Wed, Jun 15, 2005 at 04:53:32PM -0400, steve rieger wrote:
>hi all am trying (dont even know if this is possible) to prevent anybody
>and all from accessing anhy files via http directly
>
>i know the proper syntax for preventing hotlinking
>
>
># cat .htaccess
>RewriteEngine on
>RewriteCond %{HTTP_REFERER} .
>#RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.(com?net) [NC]
>RewriteRule \.(gif|jpg|bmp|mid|css)$ - [F,NC]
>
>but say that you know that i have a jpg at
>http://www.mydomain.com/stever/junk/001.jpg
>
>i need to prevent anybody from pasting that into their browser and
>getting that image. the above htaccess file aint working, how can i make
>this happen.
one approach is to slice it up into 4, 6, or 9 pieces, render it in your
page with tables... people can still reconstruct the image from the
cache, or saving the web page, printing to postscript, etc etc, but you
knew can't stop everyone all the time. You could get real obscure and
take over lapping sections and carefully overlap/reconstruct them...
make the boundries and html random generated by a script; you think
anyone would reconstruct them?
I tried this once but it didn't work for me...
http://httpd.apache.org/docs/env.html
Prevent "Image Theft"
http://www.serverwatch.com/tutorials/article.php/1132731
Keeping Your Images from Adorning Other Sites
SetEnvIfNoCase Referer "^http://my.apache.org/" local_ref=1
<FilesMatch ".(gif|jpg)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org
More information about the talk
mailing list