Hi,
While clicking on the image it opens into the browser. I dont want to allow client to open the image in browser as separate url. I have blocked the /image/ directory from access/listing , but the image is opening.
ex. http://example.com/images/1.jpg . The image should not open in browser with this URL.
How to stop that in apache. Please help me.
Shital S.
On 07/28/2014 08:08 PM, Shital Sakhare wrote:
While clicking on the image it opens into the browser. I dont want to allow client to open the image in browser as separate url.
Not possible. There is nothing in the http protocol that differentiates between a file being displayed inline inside other content and being downloaded separately. All the webserver knows is that the file was requested from the server and it delivers that file.
There are tricks you can do with client-side javascript, or with checking the referrer or user agent, etc. but all of them are easy to circumvent, and note that regardless of what you do that file has to be downloaded in order to be displayed in any capacity.
Peter
Try the below : http://stackoverflow.com/questions/18524511/how-can-i-block-direct-access-to...
On Mon, Jul 28, 2014 at 2:05 PM, Peter peter@pajamian.dhs.org wrote:
On 07/28/2014 08:08 PM, Shital Sakhare wrote:
While clicking on the image it opens into the browser. I dont want to
allow
client to open the image in browser as separate url.
Not possible. There is nothing in the http protocol that differentiates between a file being displayed inline inside other content and being downloaded separately. All the webserver knows is that the file was requested from the server and it delivers that file.
There are tricks you can do with client-side javascript, or with checking the referrer or user agent, etc. but all of them are easy to circumvent, and note that regardless of what you do that file has to be downloaded in order to be displayed in any capacity.
Peter _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
There is sort of fundamental question:
is the image delivered to my machine? Yes, as it is displayed within some other content. And as it is on my machine I will be able to save it as a separate file. Then, what's the point of blocking "direct URL"?
Thanks. Valeri
On Mon, July 28, 2014 3:59 am, Gopu Krishnan wrote:
Try the below : http://stackoverflow.com/questions/18524511/how-can-i-block-direct-access-to...
On Mon, Jul 28, 2014 at 2:05 PM, Peter peter@pajamian.dhs.org wrote:
On 07/28/2014 08:08 PM, Shital Sakhare wrote:
While clicking on the image it opens into the browser. I dont want to
allow
client to open the image in browser as separate url.
Not possible. There is nothing in the http protocol that differentiates between a file being displayed inline inside other content and being downloaded separately. All the webserver knows is that the file was requested from the server and it delivers that file.
There are tricks you can do with client-side javascript, or with checking the referrer or user agent, etc. but all of them are easy to circumvent, and note that regardless of what you do that file has to be downloaded in order to be displayed in any capacity.
Peter _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Thanks Peter,
But I get it resolved. The setting is in Apache server itself. By adding rewrite rule into apache or .htaccess. Below is the code and it worked.
RewriteEngine On Options -Indexes RewriteBase / RewriteCond %{HTTP_REFERER} !^%{HTTP_HOST}$ [NC] RewriteRule .(swf|gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$ [R,L]
-- Shital S
On Mon, Jul 28, 2014 at 2:05 PM, Peter peter@pajamian.dhs.org wrote:
On 07/28/2014 08:08 PM, Shital Sakhare wrote:
While clicking on the image it opens into the browser. I dont want to
allow
client to open the image in browser as separate url.
Not possible. There is nothing in the http protocol that differentiates between a file being displayed inline inside other content and being downloaded separately. All the webserver knows is that the file was requested from the server and it delivers that file.
There are tricks you can do with client-side javascript, or with checking the referrer or user agent, etc. but all of them are easy to circumvent, and note that regardless of what you do that file has to be downloaded in order to be displayed in any capacity.
Peter _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 07/28/2014 12:03 PM, Shital Sakhare wrote:
RewriteEngine On Options -Indexes RewriteBase / RewriteCond %{HTTP_REFERER} !^%{HTTP_HOST}$ [NC] RewriteRule .(swf|gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$ [R,L]
This can be worked arround very easy with wget: http://www.askapache.com/linux/wget-header-trick.html
Look at the first "trick".
On 07/28/2014 09:03 PM, Shital Sakhare wrote:
Thanks Peter,
But I get it resolved. The setting is in Apache server itself. By adding rewrite rule into apache or .htaccess. Below is the code and it worked.
RewriteCond %{HTTP_REFERER} !^%{HTTP_HOST}$ [NC]
On Mon, Jul 28, 2014 at 2:05 PM, Peter peter@pajamian.dhs.org wrote:
There are tricks you can do with ... with checking the referrer ... but all of them are easy to circumvent,
You're referrer trick will only work against someone who doesn't know how to (easily) circumvent it.
Peter
-
Gopu Krishnan -
Mihamina Rakotomandimby -
Peter -
Shital Sakhare -
Valeri Galtsev