If the tomcat is running behind a apache server you could use the SetEnvIf directive to block the loading of images directly from other sites. Take a look at this article: http://www.serverwatch.com/tutorials/article.php/10825_1132731_2
-- Fábio Sato - [EMAIL PROTECTED] Em Ter 10 Jun 2003 17:32, Cox, Charlie escreveu: > you could put a value in the user's session from your page and then use > your filter to check for it when an image is requested. If it's not there, > they were not at your site/page. Sessions can be set to timeout, so they > would have to had to visit recently to get the image. > > Charlie > > > -----Original Message----- > > From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, June 10, 2003 1:41 PM > > To: Tomcat Users List > > Subject: Re: Urgent : Can we restrict access to a directory in tomcat > > > > At 04:27 AM 6/10/2003, you wrote: > > >Apologies if I'm missing the point, but why can't you > > > > store/retrieve your > > > > >image from a blob field in your database ? > > > > You could, but the question is really, "How do I stop people > > from directly > > linking to my images (ie: only allow them to see the images if a > > jsp/servlet produces the page)?" Among other possibilities, > > this could be > > because you have images or other resources (celebrity photos > > come to mind) > > that other sites want to serve off of yours. If you've got a > > jsp/servlet > > app that is non-session based, how would you go about preventing this? > > > > A couple solutions have been offered -- all based on an > > authentication > > filter/servlet to decide whether the resource should be served. The > > question is: how should that filter/servlet make that decision? > > > > justin > > > > >----- Original Message ----- > > >From: "Dean Fantham" <[EMAIL PROTECTED]> > > >To: "Syed Nayyer Kamran" <[EMAIL PROTECTED]> > > >Cc: "Tomcat Users List" <[EMAIL PROTECTED]> > > >Sent: Tuesday, June 10, 2003 3:29 AM > > >Subject: Re: Urgent : Can we restrict access to a directory in tomcat > > > > > > > There is no guaranteed way to stop someone directly > > > > access a gif image > > > > > > via a browser url, because this is how an image is accessed by the > > > > browser itself anyways. The browser just makes a HTTP > > > > get request to > > > > > > the web-server (in this case tomcat) requesting the URL > > > > of the image to > > > > > > be included in the web page. > > > > > > > > i.e. in a standard jsp/servlet response to a web request the image > > > > request is embedded in a <img > > > > src=".../somedir/some-img.gif">. This is > > > > > > going to cause a browser request directory to the > > > > directory containing > > > > > > the image, which can also be duplicated in the browser. > > > > > > > > The only potential method that can catch most (but not > > > > all) of these > > > > > > would be to create a separate image handling jsp/servlet, say > > > > imageHandler. When imageHanlder servlet recieves an > > > > image request it > > > > > > can check the http-referrer header and ensure that the > > > > referrer is the > > > > > > url of the page to which the images are supposed to load, > > > > i.e. is the > > > > > > page containing the images in /servlet/somepage then the > > > > http-referrer > > > > > > that imageHandler see should be able to checked that it is > > > > /servlet/somepage. Someone can circumvent this control > > > > by the Internet, > > > > > > but just manually setting this header themselves (via a > > > > program or the > > > > > > like) and then having access directly to the images > > > > > > > > You would then have to update all image referrences on > > > > the somepage > > > > > > servelt/jsp however to something like <img > > > > src="/servlet/imagehandler?gif=somerefernce">. > > > > > > > > On Mon, 2003-06-09 at 18:32, Syed Nayyer Kamran wrote: > > > > > hi there, > > > > > > > > > > I want to restrict the user to access the images > > > > directly through the > > > > >web. They should be able to access these images through web > > > > pages developed > > > > >as jsp/servlet but should not be able to access these images > > > > displayed on > > > > >page by copying the image url to the address bar. Is tomcat > > > > directly support > > > > >this functionality. or any other solution. > > > > > > > > Thanks in advance for any solution of the problem. > > > > > > > > > > > > > > > Nayyer Kamran > > > > ____________________________________ > > Justin Ruthenbeck > > Software Engineer, NextEngine Inc. > > justinr - AT - nextengine DOT com > > Confidential > > See http://www.nextengine.com/confidentiality.php > > ____________________________________ > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
