Forum Moderators: coopster
I moved the files to a dir that is outside the apache document root and then create a php script that retrieves the image based on the id. I'm 'protecting' gifs and jpegs with some code like:
if(!isset($_SERVER["HTTP_REFERER"]) ¦¦ (!strstr($_SERVER["HTTP_REFERER"],'http://'.$_SERVER[SERVER_NAME])))
{
...error
}else{
...get the image and so...
}
Then i call the script on a <img ...> tag for gifs and jpegs. But when i try to do so with flash movies it seems that $_SERVER[HTTP_REFERER] doesn't exist (i presume it is because it is an embeded object).
So I'm wondering what can i do to protect swf as well. Maybe using an encrypted code, but i don't want to overload the server just to get an image, you know.
Any suggestions?
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?your_domain.com/.*$ [NC]
RewriteRule \.(gif¦jpg¦swf)$ - [F]
I'm getting an internal server error tough ("Invalid command 'RewriteEngine'" on the error log), I'm running Apache/1.3.12
Is there a special module I should use?
SN
the best way is to generate the filename dynamically to a random string- usable just one time for one download
vince: i know it can be forged, it is not 'critical' it is just for making it difficult for the mayority of users. THKS.
