Refering from a script

Forum Moderators: phranque

Message Too Old, No Replies

Refering from a script

any test to do?

carfac

5:08 pm on Dec 11, 2005 (gmt 0)

Hi:

I would like to know what sort of test I can use to check that a file is being called by a script, and not directly.

For instance, I have page "a.html" that calls a CGI script "test.cgi" to insert image "a.jpg" into page "a.html"

I thought I could check the referer for "test.cgi", but that is not the case, my logs show referer as "a.html".

Is there any other way I can make sure "a.jpg" is called by "test.cgi" ONLY and not directly?

Thanks!

Dave

jdMorgan

5:36 pm on Dec 11, 2005 (gmt 0)

If the image is included as a file, then there is no need to check the referer; Just put the image in a directory that is not accessible via HTTP. Or, block all HTTP accesses to that one image using mod_access or mod_rewrite.

A 'Web page' is accessed by HTTP, but script includes and files 'included' by scripts are normally accessed in the filesystem, and the scripts and images need not be HTTP accessible.

I hope that's clear - this stuff is kinda hard to describe. It all has to do with where the "URL world" ends and the "filesystem world" begins, and the boundary between the two.

Jim

carfac

2:04 am on Dec 12, 2005 (gmt 0)

Hi Jim:

Not sure if I understand you, but it did just get a lightbulb go off in my head. That is, if I put the images I want to protect ABOVE tyhe web root, that does the same thing- the CGI can access it, but NOT the web at large... and no need for mod-rewrite.

Simple!

Jim- you know your stuff- thanks and Happy Holidays!

Dave