[nycbug-talk] direct file access denied via htaccess

George Georgalis george
Thu Jun 16 00:51:08 EDT 2005

On Wed, Jun 15, 2005 at 04:53:32PM -0400, steve rieger wrote:
>hi all am trying (dont even know if this is possible) to prevent anybody 
>and all from accessing anhy files via http directly
>i know the proper syntax for preventing hotlinking
># cat .htaccess
>RewriteEngine on
>RewriteCond %{HTTP_REFERER} .
>#RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.(com?net) [NC]
>RewriteRule \.(gif|jpg|bmp|mid|css)$ - [F,NC]
>but say that you know that i have a jpg at 
>i need to prevent anybody from pasting that into their browser and 
>getting that image. the above htaccess file aint working, how can i make 
>this happen.

one approach is to slice it up into 4, 6, or 9 pieces, render it in your
page with tables... people can still reconstruct the image from the
cache, or saving the web page, printing to postscript, etc etc, but you
knew can't stop everyone all the time. You could get real obscure and
take over lapping sections and carefully overlap/reconstruct them...
make the boundries and html random generated by a script; you think
anyone would reconstruct them?

I tried this once but it didn't work for me...

Prevent "Image Theft"
Keeping Your Images from Adorning Other Sites
        SetEnvIfNoCase Referer "^http://my.apache.org/" local_ref=1
        <FilesMatch ".(gif|jpg)">
            Order Allow,Deny
            Allow from env=local_ref

// George

George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org

More information about the talk mailing list