hi, is there any way to prevent surfers to download and view my .js files and .css files on my server? can I set up apache to prevent them??
You can't. Whether they are .js or .css doesn't matter simply because they are not inlined. To find out what inline really means, go to http://www.engelschall.com/pw/apache/rewriteguide/ and check Blocked Inline-Images.
Always some examples!!
1) Example of http://www.yourdomain.com/mypic.html (this is not inline image, just like your .css file):
When requesting this page, Apache really sends two request_uri: /mypic.html and /image/my_pic.jpg.
If you block your non-inline image or .css or whatever, you would get a broken image because access to it has been denied.
2) Same example but with inline image of my_original_size_pic.jpg
<p><a href="/inline-image/my_original_size_pic.jpg"><img src="/image/my_thumbnail_pic.jpg"></a></p>
When requesting this page, Apache sends two request_uri: /mypic.html and /image/my_thumbnail_pic.jpg but not /inline-image/my_original_size_pic.jpg until a click to your thumbnail.
When requesting your inline image (/inline-image/my_original_size_pic.jpg), the HTTP_REFERER should be from your site (http://www.mydomain.com/mypic.html specifically). If it's not, you can block your my_original_size_pic.jpg based on the env value of HTTP_REFERER.
Your question is really similar to How can i hide the html source code from the browser view source message found in Security forum. Many foolish people still think it's possible and continue posting to that stupid thread without having a real understanding of how the web really works.
Last edited by freebsd; May 2nd, 2001 at 06:49 PM.