Forum Moderators: phranque
Can anyone tell me if this is possible with .htaccess?
To prevent all direct linking to an image (I'm not talking about hotlinking) except if called from a script, php or perl, on that same server.
i.e. requesting http://example.com/image.jpg directly will be denied, but if a script running on the same server were to output a dynamic html page that contained a call to image.jpg ( as in <image src ="image.jpg">it would be allowed.
Is this possible using ip deny and "localhost" for example?
Any help or advice on this would be most helpful. I am trying to protect iptc data in images being available for anyone with the iptc extraction capability ( I can't encrypt the iptc data)
Many thanks in advance
Freizag
[edited by: jdMorgan at 12:45 pm (utc) on Sep. 7, 2009]
[edit reason] example.com [/edit]
If the link to the image is on an HTML page, then the request comes from the client (browser) not the server.
Replace your image links (functionally by changing the links themselves, or effectively by mod_rewriting the existing links) to point to a script. The script does validation (e.g. checks for user logged-in or a previously-set cookie) and then reads the image file data and outputs it. In much the same way that your dynamic "pages" are currently produced by a script, we will now use another script to serve image data.
The whole problem will become a lot easier to think about if you consider that URLs are different from files, and that URLs are Web-accessible, while files are accessible only within the server. You can insert mod_rewrite code and server-side scripting 'in between' the Web URL requests and the server's default action of serving a file in response to URL-requests.
Jim
Great website, keep up the good work :-)
Freizag
