[pmwiki-users] Protect uploaded files from direct access?
Neil Herber (nospam)
nospam at eton.ca
Tue Jun 5 10:12:49 CDT 2007
On 2007-06-05 Ian MacGregor is rumoured to have said:
> If you decide to go the .htaccess route, I may be able to help.
> I use a .htaccess file in my document root to protect .jpg, .png, .gif
> and .bmp files from being directly linked. Here's the contents of
> the .htaccess file:
>
> # -- Begin protection --
> RewriteEngine on
> RewriteCond %{HTTP_REFERER} !^http://imacgregor.com/.*$ [NC]
> RewriteCond %{HTTP_REFERER} !^http://imacgregor.com$ [NC]
> RewriteCond %{HTTP_REFERER} !^http://www.imacgregor.com/.*$ [NC]
> RewriteCond %{HTTP_REFERER} !^http://www.imacgregor.com$ [NC]
> RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://www.google.com [R,NC]
> # -- End protection --
>
> As you can see, directly linking to (or typing in a browser) a file such as:
> http://imacgregor.com/uploads/Gallery/crystal-tux-lt.png will redirect you to
> www.google.com.
>
Since it looks like you are trying to defeat "leeches" who grab your
images directly, is it really fair to offload them onto a third party ?
Admittedly, Google has loads of bandwidth, but a better solution might
be to redirect to a single image file on your site that contains a
message such as "To see this image go to imacgregor.com!". Then you
won't be leeching off Google. ;-)
--
Neil Herber
Corporate info at http://www.eton.ca/
More information about the pmwiki-users
mailing list