By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,998 Members | 2,903 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,998 IT Pros & Developers. It's quick & easy.

How to restrict access to php program?

P: n/a
gsb
I have a php program that sends images to my html pages.
<img src="url/send.php?id=whatever" ...

How can I stop people from linking this php program from another site or
simply typing it into their browser address bar?
Can I stop a 'wget' for example?

Thanks,

gsb
Jul 17 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a

"gsb" <gs*@QWest.net> wrote in message
news:6F*****************@news.uswest.net...
I have a php program that sends images to my html pages.
<img src="url/send.php?id=whatever" ...

How can I stop people from linking this php program from another site or
simply typing it into their browser address bar?
Can I stop a 'wget' for example?

Thanks,

gsb


1. allow only HTTP_POST
2. allow only your HHTP_REFERER
3. username & password
4. hosts.allow



Jul 17 '05 #2

P: n/a
> How can I stop people from linking this php program from another site or
simply typing it into their browser address bar?
Can I stop a 'wget' for example? No, you can't - what a browser can do, a download manager can do, too.

You could just stop some download managers by checking for theyr user-agents - that's all you can do. 1. allow only HTTP_POST With Images?
2. allow only your HHTP_REFERER

Many people have disabled the referer. But you can of course check for if there is a referrer, it has to be on your site.

--
mfg Christian (Chronial "at" web.de)

--
Composed with Newz Crawler 1.5 http://www.newzcrawler.com/
Jul 17 '05 #3

P: n/a

"Christian Fersch" <Fr********@web.de> wrote in message
news:br*************@news.t-online.com...
How can I stop people from linking this php program from another site or
simply typing it into their browser address bar?
Can I stop a 'wget' for example? No, you can't - what a browser can do, a download manager can do, too.

You could just stop some download managers by checking for theyr

user-agents - that's all you can do.
1. allow only HTTP_POST

With Images?
2. allow only your HHTP_REFERER

Many people have disabled the referer. But you can of course check for if

there is a referrer, it has to be on your site.
--
mfg Christian (Chronial "at" web.de)

--
Composed with Newz Crawler 1.5 http://www.newzcrawler.com/


Guess you may be right about the POSTs Christian.
I misread his message as other people were sending (or uploading) images to
him.


Jul 17 '05 #4

P: n/a
gsb
Christian,

I'm a light weight here for sure. Thanks for your help, all.
I do not understand "...checking for their user-agents..."
What would I be checking for and how could I use this.

xyzzy,

Thanks. I'm looking into both the http_referrer and my .htaccess settings.
Login is not an option here.

Thanks again all,

gsb
Jul 17 '05 #5

P: n/a
Every Programm should give it's name in the user-agent Header when accesing a webserver.
Just don't allow acces with user-agents known as download managers.

But of course a lot of download managers fake theyr user-agent, so you can't protect yourself from them.

--
mfg Christian (Chronial "at" web.de)

--
Composed with Newz Crawler 1.5 http://www.newzcrawler.com/
Jul 17 '05 #6

P: n/a
gsb
Thanks again.
gsb

"Christian Fersch" <Fr********@web.de> wrote in message
news:br*************@news.t-online.com...
Every Programm should give it's name in the user-agent Header when accesing a webserver. Just don't allow acces with user-agents known as download managers.

But of course a lot of download managers fake theyr user-agent, so you can't protect yourself from them.
--
mfg Christian (Chronial "at" web.de)

--
Composed with Newz Crawler 1.5 http://www.newzcrawler.com/

Jul 17 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.