Page last updated:
2005 Mar 10 16:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Apache question: preventing direct access to files



And behold, Micah Cowan flailed at a keyboard and did expound:

> Since you seem to be using ColdFusion (evidence has been snipped), you
> could probably write a short wrapper that will serve up the pdf file if
> the person "deserves" it; and remove the PDF files to outside of the web
> docs repository.

I tried that.  Didn't work, because in the setup, CF pages are delivered
by the JRun server, and not by the Apache server, so I can't use an Apache
redirect to get the wrapper to work.  And if I use an Apache rewrite to
make the page *not* delivered by JRun (I can do this by removing the cfmx
from the URL), then the Cold Fusion page does not work. Oy.

Yes, it is exactly the same problem as the hotlinking to image issue.  I
was thinking about it in the wrong way.  Silly me.

Here's what I finally put into httpd.conf:

RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://152\.79\.198\.7/.*\.cfm
RewriteRule .*\.pdf$ - [F]

I also added:

RewriteRule ^/cfmx/(.*\.pdf)$ /$1 [R,L]

though it's probably not necessary.


> BTW, don't ColdFusion suck? :-)

Yeah.  Oh, yeah.  More than you can imagine.  Fortunately, we're going to
start transitioning over to a PHP solution starting next month (the
transition will probably take over a year, but I'm really excited about
it).


-- 
Sláinte,
Richard S. Crawford (AIM: Buffalo2K)
http://www.mossroot.com   http://www.stonegoose.com/catseyeview
"We live as though the world were how it should be,
to show it what it can be."
--"Angel", Season 4 ep. 1
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
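
The Referer rule from the post above can be checked offline before it goes into httpd.conf. This is an added example, not part of the original post: it models the two RewriteCond lines and the `[F]` rule with Python's `re` standing in for Apache's regex engine, writes the extension match as `\.cfm`, and uses a hypothetical `decide` function and constructed sample requests.

```python
import re

# The post's referer condition, with the dots escaped and "\.cfm" for the extension.
ALLOWED_REFERER = re.compile(r"^http://152\.79\.198\.7/.*\.cfm")
# The RewriteRule pattern; Apache matches it against the URL path only.
PDF_PATH = re.compile(r".*\.pdf$")


def decide(path, referer):
    """Return 403 if the rule set forbids the request, otherwise 200."""
    if not PDF_PATH.search(path):
        return 200  # RewriteRule pattern does not match, conditions never run
    # RewriteCond %{HTTP_REFERER} ^$ [OR]
    empty = not referer
    # RewriteCond %{HTTP_REFERER} !^http://152\.79\.198\.7/.*\.cfm
    not_from_cfm_page = not ALLOWED_REFERER.search(referer or "")
    return 403 if (empty or not_from_cfm_page) else 200


# Constructed sample requests: (path, Referer header, what the case represents).
SAMPLES = [
    ("/docs/report.pdf", "http://152.79.198.7/cfmx/view.cfm", "link on a .cfm page"),
    ("/docs/report.pdf", "http://152.79.198.7/cfmx/view.cfm?id=3", ".cfm page with query"),
    ("/docs/report.pdf", "", "typed URL, bookmark, or a proxy that strips Referer"),
    ("/docs/report.pdf", "http://example.org/links.html", "link on another site"),
    ("/docs/report.pdf", "http://152.79.198.7/index.html", "same host, not a .cfm page"),
    ("/index.html", "", "non-PDF request, rule does not apply"),
]


def run_samples():
    """Evaluate every sample and return the list of status codes."""
    return [decide(path, referer) for path, referer, _ in SAMPLES]


if __name__ == "__main__":
    for (path, referer, note), status in zip(SAMPLES, run_samples()):
        print(f"{status}  {path:<18} Referer={referer!r:<45} {note}")
```

The third sample shows the operational cost of the rule: any legitimate reader whose browser or proxy omits the Referer header gets a 403. The decision also rests entirely on a header the client supplies, so the rule deters hotlinking but does not authenticate anyone.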


