× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. May 2016

Re: Serving files without direct links perhaps

You can check the HTTP_REFERER environment variable but what do you do when the visitor hits your web site for the first time? The value will be null but that could also be a spoofed HTTP_REFERER value.

Bottom line is that this check will help but it is not 100% reliable.

Thanks,
Todd


-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Kevin Bucknum
Sent: Friday, May 20, 2016 2:38 PM
To: Web Enabling the IBM i (AS/400 and iSeries)
Subject: Re: [WEB400] Serving files without direct links perhaps

You want to check and see if the referrer is your domain, and if it's not, redirect the page. This is a common setup and there are many examples out there. https://www.google.com/?gws_rd=ssl#q=apache+directive+disable+hot+linking


Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Joe W Holt
Sent: Friday, May 20, 2016 1:31 PM
To: Web Enabling the IBM i (AS/400 and iSeries)
Subject: Re: [WEB400] Serving files without direct links perhaps


I did find an apache configuration change that worked although I'm not certain if it will work for long term since I may have more than one domain to deny.

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://example.com/ RewriteRule /* http://www.google.com [R,L]

Adding this and changing the appropriate values I was able to deny one domain. If anyone knows a better way please share.

***
Regards,
Joe W Holt
Sr Programmer/Developer
Jack Onofrio Dog Shows, LLC
405.427.8181



From: "Joe W Holt" <joe.holt@xxxxxxxxxxx>
To: WEB400@xxxxxxxxxxxx
Date: 05/20/2016 12:56 PM
Subject: [WEB400] Serving files without direct links perhaps
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxx>





Anyone have a great idea on how I can setup either the Apache server, an RPG program, or something else on the IBMi to serve files from our web server to the public but only if they are requesting them from our domain?
We have some issues with others direct linking to some of our docs that we would rather only serve them if they are being clicked when on our site.
I've seen PHP examples but not pulling that trigger yet on our system. Any ideas are appreciated.

***
Regards,
Joe W Holt
Sr Programmer/Developer
Jack Onofrio Dog Shows, LLC
405.427.8181

For More Than 85 Years—Delivering Solutions That Exceed Expectations.

This communication and any transmitted documents are intended to be confidential. If there is a problem with this transmission, please contact the sender. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.