473,594 Members | 2,976 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How do I prevent someone linking to my file?

So I have a file, which is a zip file I want to let people download.
But I don't want to let other sites link to my zip file -- I only want
people to be able to download the file by going through my site. I
know there are ways to prevent a file from being linked to if it's a
php page, but this isn't a php page, it's a zip file.

Any help would be tremendously appreciated. My apologies if this
isn't the appropriate newsgroup for this message.

George
Jul 20 '05 #1
5 2790
In post <e5************ *************@p osting.google.c om>
George said...
So I have a file, which is a zip file I want to let people download.
But I don't want to let other sites link to my zip file -- I only want
people to be able to download the file by going through my site.


not possible but you can fool some people some of the time.

(assumes apache with appropriate setup) stick one of the below in a
..htaccess file[1] for the directory you want the directives to apply
to. child directories inherit the directives so if you stick it in
your root the directives will apply to all of your site.

#returns a HTTP 403 forbidden error
SetEnvIfNoCase Referer "^http://(www\.)?example .com" local_ref=1
<FilesMatch "\.(zip)">
# or "\.(zip|jpg|png |gif)" for images as well.
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>

#returns a HTTP 403 forbidden error
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example .com/.*$ [NC]
RewriteRule \.(zip)$ - [F]

#returns a substitute zip file (evil.zip) instead of the zip requested
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example .com/.*$ [NC]
RewriteRule \.(zip)$ http://www.example.com/evil.zip [R,L]

all three check to see what the referer is and if its not your domain
returns the 403 (or substitute zip). the referer is easily faked or
not sent at all.

[1] a .htaccess file is a plain text file named as shown. if you
create the file with notepad save the file with quotes to prevent
notepad from adding a .txt extension i.e: ".htaccess"

a hash '#' indicates a comment line. remove/change/add them if you
wish.

--
29/September/2003 12:28:41 pm
Jul 20 '05 #2
br******@usenet .alt-html.org says...

George said...
So I have a file, which is a zip file I want to let people download.
But I don't want to let other sites link to my zip file -- I only want
people to be able to download the file by going through my site.


not possible but you can fool some people some of the time.


If you have access to PHP and a moderate degree of control over the web
server, you certainly can.

Put the file in a directory on the server outside the web document root.
No other site will be able to reach it, full stop.

Put a page inside your site which uses the file fpassthru function of
PHP (which can read server files outside the web document root) to
deliver the file to browsers.

Geoff M
Jul 20 '05 #3
In post <MP************ ***********@new s.sbt.net.au>
Geoff Muldoon said...
I only want people to be able to download the file by going through my site.
not possible but you can fool some people some of the time.
If you have access to PHP and a moderate degree of control over the web
server, you certainly can.


read my follow up post where i corrected myself
--
29/September/2003 01:26:04 pm
Jul 20 '05 #4
"brucie" <br******@usene t.alt-html.org> schrieb im Newsbeitrag
news:12******** *******@alt-html.org...
read my follow up post where i corrected myself


Sorry where is the follow up post? Your .htaccess codes are very interesting
and I am also interested in the corrections.

--
Markus
Jul 20 '05 #5
In post <3f************ ***********@new s.easynet.ch>
Markus Ernst said...
read my follow up post where i corrected myself
Sorry where is the follow up post?
obviously not on your newsserver :-) probably an issue on my end. long
story.
Your .htaccess codes are very interesting and I am also interested in the
corrections.


the correction was simply:

not possible with this method but....

--
29/September/2003 09:30:11 pm
Jul 20 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
2185
by: George Hernandez | last post by:
I have a site on a set of Linux Servers where my site is PHP enabled and I would like to prevent people from externally linking to content on my site and replace it with a warning image. I've researched the following to put in an .htaccess file on teh root of my server, but none of the methods or changes or suggestions I've found on the web work... ============================================================ RewriteCond %{HTTP_REFERER}...
6
2369
by: Bill | last post by:
If I've got images in a directory, and I define that directory as an application directory (so I have a global.asa in it), what does my global.asa have to look like to prevent linking of images?
7
5096
by: Steven T. Hatton | last post by:
Is there anything that gives a good description of how source code is converted into a translation unit, then object code, and then linked. I'm particularly interested in understanding why putting normal functions in header files results in multiple definition errors even when include guards are used. -- STH Hatton's Law: "There is only One inviolable Law" KDevelop: http://www.kdevelop.org SuSE: http://www.suse.com Mozilla:...
8
4851
by: Smartin | last post by:
I have a form in Access97 which facilitates a query against a production Access database. Users will enter some search terms and see a datasheet view of the results in a subform. The prod table is linked (the form is not included in the production mdb file). I need to ensure that an unexperienced user will not accidentally change the prod table. What measures should I take? So far I have done the following: In the subform, set Allow...
7
6542
by: wmkew | last post by:
Hello everyone I'm encountering a R6002 Runtime error and several bugs when trying to generate a simple Managed C++ application with .NET 2003. The main problem seems to arise from linking with LIBCMT(D).DLL. (My requirement is that we can't link with MSVCRT(D).LIB.) Below are steps I've followed, and the resulting problems 1. Using the New Project wizard, generate a Visual C++ .NET Class Library project (call it "Doomed") and a VC++...
0
1052
by: Steve E. | last post by:
Hello, Similar to the post below, can you advise what I can do so "aspx" isn't appended when saving a file in Netscape 7? Big thanks in advance for tolerating a Netscape-related question - I'm posting here as I'm all Microsoft in terms of platform and development, and am hopeful someone in this group who does cross-browser compatible sites has solved this...
18
3381
by: Gleep | last post by:
I've searched google intensely on this topic and it seems noone really knows how to approch this. The goal I don't want clients to give out their usernames and passwords to friends, since the site relies on subscrption fees. Sessions ID's are matched between the browser and the server. So a users can login with same username and password and those sessions are tracked individually. Some suggest create table fields with the session ID...
0
3970
by: xieml2007 | last post by:
Dear Madam or Sir, I encountered one problem which is quite similiar to the discussions launched at the web site: http://www.thescripts.com/forum/thread280324.html
1
1508
by: tomlebold | last post by:
How do you prevent a user from linking an Access application to SQL Server tables?
0
8255
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
8374
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8010
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
6665
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5413
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
3868
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
3903
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2389
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1486
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.