RE: [users@httpd] Restricting page access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is not safe anyhow. Many browsers/users have the ability to fake the
referrer, or leave it out. This means that if those users try to access
your site, they will have a problem. It is not problem free, even if you
get it working. 

> -----Original Message-----
> From: rcrawford@xxxxxxxxxxxxxxxxxxxx
> [mailto:rcrawford@xxxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, March 10, 2005 1:12 PM
> To: sitz@xxxxxxxxxxxx
> Cc: users@xxxxxxxxxxxxxxxx
> Subject: Re: [users@httpd] Restricting page access
> 
> Noah wrote:
> > On Wed, Mar 09, 2005 at 02:54:54PM -0800, Richard Crawford wrote:
> >
> >>I tried adapting the solution from the _Apache Cookbook_ that prevents
> linking
> >>of local images by remote sites, but that didn't seem to do the trick.
> >>
> >>Here is the .htaccess file that I created:
> >>
> >><FilesMatch "\.pdf$">
> >>SetEnvNoCase Referer "^http://outsite.edu"; local_referer=1
> >>Order Deny,Allow
> >>Allow from env=local_referer
> >></FilesMatch>
> >
> >
> > You don't specify a Deny directive here:
> >
> > <FilesMatch "\.pdf$">
> > SetEnvNoCase Referer "^http://outsite.edu"; local_referer=1
> > Order deny,allow
> > Deny from all
> > Allow from env=local_referer
> > </FilesMatch>
> 
> Thanks for the tip.
> 
> It's still not working, but I think I know why; it has to do with the
> JRun configuration, and not Apache.
> 
> --
> Richard S. Crawford
> Programmer III
> UC Davis Extension Distance Education Group (http://unexdlc.ucdavis.edu)
> 2901 K Street, Suite 200C
> Sacramento, CA  95816
> (916)327-7793
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux