Apache Config Question

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMBryce C at <-
MTom Emerson at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Bryce C
Date:  
Subject: Apache Config Question
Thanks! Please ignore my previous post as I found the the following at
http://httpd.apache.org/docs/env.html

Prevent "Image Theft"

This example shows how to keep people not on your server from using
images on your server as inline-images on their pages. This is not a
recommended configuration, but it can work in limited circumstances. We
assume that all your images are in a directory called /web/images. 

    SetEnvIf Referer "^http://www.example.com/" local_referal
    # Allow browsers that do not send Referer info
    SetEnvIf Referer "^$" local_referal
    <Directory /web/images>
       Order Deny,Allow
       Deny from all
       Allow from env=local_referal
    </Directory>


Note: spelling of 'referer' and 'referal' is intentional.

For more information about this technique, see the ApacheToday tutorial
" Keeping Your Images from Adorning Other Sites".


This is basically what I'm searching for except downloads instead of
images but what's the diff?
Thank You.


On Tue, 2002-08-20 at 22:29, Victor Odhner wrote:
> Bryce,
>
> First, glance at:
> http://www.lugatgt.org/articles/apache/#htacc
> http://httpd.apache.org/docs/mod/mod_access.html
>
> Those will give you an overview. Note especially
> the "order" clause that can give you non-intuitive
> results.
>
> This page seems to address what you were asking:
> http://www.rice.edu/web/access-control.html
> 
> For other references, do a Google search on
>    htaccess allow deny

>
> Normally this is handled in your httpd.conf file.
>
> Note that if httpd.conf does not permit overriding
> by the htaccess file, then the htaccess file has no
> effect. Search for "allow override" for details.
>
> See http://httpd.apache.org/docs/misc/security_tips.html
>
> In httpd.conf, I think you want something like this:
> 
>  <Directory /usr/local/httpd>
>      Order Deny,Allow
>      Deny from all    
>      Allow from 999.999.999.35  (or whatever)
>  </Directory>

>
> Bryce C wrote:
> >
> > Could someone please tell me or point me in the right direction for
> > limiting direct access / allowing access from only 1 web address using
> > an .htaccess file?
> >
> > --
> > Bryce Chidester
> > Network Administrator
> > CoBryce Communications
> > Bryce AT BryceCo DOT Net
> > http://www.bryceco.net
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list -
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
>
> Vic
>
> http://members.cox.net/vodhner/
> -- or --
> http://www.newearth.org/~victor/resume.html
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Bryce Chidester
Network Administrator
CoBryce Communications
Bryce AT BryceCo DOT Net
http://www.bryceco.net



This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-OT: Palm device wanted.Linux on a low-spec laptop->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)