Solved

The best way to restrict access to file using Referrer (iis)

Posted on 2012-03-29
5
1,861 Views
Last Modified: 2012-03-30
Hello.

I have lot of media on my server (video and images).
I want to block the access to the files directly and allow to view the files when there are embed in my  webpage. (for example: www.example.com)

What is the best way to do it?

I am using IIS7.

If it is not possible in IIS7, I would like to hear ideas, how to do it in APACHE. (I can move to apache)
0
Comment
Question by:Aminadav
  • 2
  • 2
5 Comments
 

Accepted Solution

by:
Aminadav earned 0 total points
ID: 37785257
I don't like this website always need to search for answers alone.

To do it,
go to IIS7,  URL Rewrite module.
Create new rule from template, request blocking.
Change it to header "referrer", and doent match text:
"*.example.com/*"
0
 

Author Closing Comment

by:Aminadav
ID: 37785260
I found it alone.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 37785335
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37785967
hope you're aware that the Referer check is no bullet proof solution
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 37786022
It is one of the easiest to bypass. Another way is to encode the file and then send it byte by byte, which I was working on a finished piece of code when the asker closed the question.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now