I think you got it right the first time. The OP wants to make sure
the referrer header is present and starts with http://www.mydomain.com
as opposed to http://www.anotherdomain.com. It'll help prevent other
sites from linking directly to resources on the OP's site.
-- David
On Apr 19, 2009, at 9:12 AM, André Warnier <a...@ice-sa.com> wrote:
André Warnier wrote:
Graeme Kidd wrote:
Hi,
Is there a way to configure tomcat to prevent some one from
downloading a file I host when they are not within my domain?
You may want to have a look here :
http://tuckey.org/urlrewrite/
It's a bit like the Swiss Army knife for this kind of thing.
You would normally do this on the base of the "Referer:" HTTP
header, which normally contains the URL of the page from which the
current request is coming from.
Upon re-reading your original post, it occurs tomme that I may have
misunderstood your request.
If you want to just block /all/ accesses to your server, except if
they come from one or more specific ranges of IP addresses, then you
could use a Remote Address Filter, like explained here :
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
If I am still misunderstanding, then you need to specify more
precisely what you mean by "not within my domain".
For example, you should be aware that
- IP addresses and DNS "domains" tend to overlap, but do not
necessarily overlap
- filtering accesses by originating IP address is relatively
efficient, but filtering by domain name much less so, because each
access then requires a reverse DNS lookup, which may not even work
in some cases
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
