CSS Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsWeb DesignCSS Help

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old May 2nd, 2001, 04:57 PM
hebbarus hebbarus is offline
I like buffy.
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Jan 2001
Location: Sweden
Posts: 6 hebbarus User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Red face


hi, is there any way to prevent surfers to download and view my .js files and .css files on my server? can I set up apache to prevent them??
thanks!

Reply With Quote
  #2  
Old May 2nd, 2001, 05:41 PM
freebsd freebsd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Jan 2001
Posts: 5 freebsd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
You can't. Whether they are .js or .css doesn't matter simply because they are not inlined. To find out what inline really means, go to http://www.engelschall.com/pw/apache/rewriteguide/ and check Blocked Inline-Images.

Always some examples!!

1) Example of http://www.yourdomain.com/mypic.html (this is not inline image, just like your .css file):

<html>
<body>
<h1>Hello World</h1>
<p><img src="/image/my_pic.jpg"></p>
</body>
</html>

When requesting this page, Apache really sends two request_uri: /mypic.html and /image/my_pic.jpg.
If you block your non-inline image or .css or whatever, you would get a broken image because access to it has been denied.

2) Same example but with inline image of my_original_size_pic.jpg

<html>
<body>
<h1>Hello World</h1>
<p><a href="/inline-image/my_original_size_pic.jpg"><img src="/image/my_thumbnail_pic.jpg"></a></p>
</body>
</html>

When requesting this page, Apache sends two request_uri: /mypic.html and /image/my_thumbnail_pic.jpg but not /inline-image/my_original_size_pic.jpg until a click to your thumbnail.

When requesting your inline image (/inline-image/my_original_size_pic.jpg), the HTTP_REFERER should be from your site (http://www.mydomain.com/mypic.html specifically). If it's not, you can block your my_original_size_pic.jpg based on the env value of HTTP_REFERER.

Your question is really similar to How can i hide the html source code from the browser view source message found in Security forum. Many foolish people still think it's possible and continue posting to that stupid thread without having a real understanding of how the web really works.

Last edited by freebsd : May 2nd, 2001 at 05:49 PM.

Reply With Quote
Reply

Viewing: Dev Shed ForumsWeb DesignCSS Help > protect css/js files?

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap