On Mon, 2002-04-29 at 20:12, Patrick Hsieh wrote: > If I want to avoid user to directly access my .html files, say type the > complete url in the browser, is it possible? > > In PHP, I can check the HTTP_REFERER to make sure connections originates > from the same website. If the HTTP_REFERER is empty or not belongs to > the same website, I can redirect the client to another webpage. However, > when it comes to static .html or even .jpg files, is it possible to > configure apache to avoid that situation?
We use mod_rewrite to block external websites from directly linking to images on one of our websites. Based on the situation, we either return a 403 Forbidden code or provide a watermarked version of the requested image. Please keep in mind the advice given by others on this list that you can't thrust user-supplied data. You can't use HTTP_REFERER to protect your data, but it's a great tool to stop external websites from stealing your bandwidth. -- Tot ziens, Bart-Jan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
