#1

    Hi, is there any way to prevent surfers from downloading and viewing my .js files and .css files on my server? Can I set up Apache to prevent them?
    thanks!
#2
    You can't. Whether they are .js or .css doesn't matter simply because they are not inlined. To find out what inline really means, go to http://www.engelschall.com/pw/apache/rewriteguide/ and check Blocked Inline-Images.

    Always some examples!!

    1) Example of http://www.yourdomain.com/mypic.html (this is not an inline image, just like your .css file):

    <html>
    <body>
    <h1>Hello World</h1>
    <p><img src="/image/my_pic.jpg"></p>
    </body>
    </html>

    When requesting this page, Apache really sends two request_uri: /mypic.html and /image/my_pic.jpg.
    If you block your non-inline image or .css or whatever, you would get a broken image because access to it has been denied.

    2) Same example but with an inline image of my_original_size_pic.jpg

    <html>
    <body>
    <h1>Hello World</h1>
    <p><a href="/inline-image/my_original_size_pic.jpg"><img src="/image/my_thumbnail_pic.jpg"></a></p>
    </body>
    </html>

    When requesting this page, Apache sends two request_uri: /mypic.html and /image/my_thumbnail_pic.jpg but not /inline-image/my_original_size_pic.jpg until a click on your thumbnail.

    When requesting your inline image (/inline-image/my_original_size_pic.jpg), the HTTP_REFERER should be from your site (http://www.mydomain.com/mypic.html specifically). If it's not, you can block your my_original_size_pic.jpg based on the env value of HTTP_REFERER.

    Your question is really similar to How can i hide the html source code from the browser view source message found in the Security forum. Many foolish people still think it's possible and continue posting to that stupid thread without having a real understanding of how the web really works.
    Last edited by freebsd; May 2nd, 2001 at 05:49 PM.
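
The Referer check described in the post above, written as an Apache mod_rewrite fragment. This is an added example, not part of the original post; it assumes virtual-host context with mod_rewrite loaded and reuses the post's www.mydomain.com host and /inline-image/ path.

```apache
# Added example (not from the thread). Virtual-host context, mod_rewrite loaded.
# www.mydomain.com and /inline-image/ are the names used in the post above.
RewriteEngine On

# Let requests with no Referer through: bookmarks, typed URLs and clients
# that strip the header send none, and blocking them locks out real visitors.
RewriteCond %{HTTP_REFERER} !^$
# Match only when a Referer is present and it is not one of this site's pages.
RewriteCond %{HTTP_REFERER} !^https?://www\.mydomain\.com/ [NC]
# "-" leaves the URL unchanged; [F] answers 403 Forbidden.
RewriteRule ^/inline-image/ - [F]

# This is a hotlink deterrent, not a way to keep files secret: the Referer
# header is supplied by the client, and any file the page itself loads
# (.js, .css, <img src>) has to stay fetchable or the page breaks.
```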
