• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2477
  • Last Modified:

The best way to restrict access to file using Referrer (iis)

Hello.

I have lot of media on my server (video and images).
I want to block the access to the files directly and allow to view the files when there are embed in my  webpage. (for example: www.example.com)

What is the best way to do it?

I am using IIS7.

If it is not possible in IIS7, I would like to hear ideas, how to do it in APACHE. (I can move to apache)
0
Aminadav
Asked:
Aminadav
  • 2
  • 2
1 Solution
 
AminadavAuthor Commented:
I don't like this website always need to search for answers alone.

To do it,
go to IIS7,  URL Rewrite module.
Create new rule from template, request blocking.
Change it to header "referrer", and doent match text:
"*.example.com/*"
0
 
AminadavAuthor Commented:
I found it alone.
0
 
ahoffmannCommented:
hope you're aware that the Referer check is no bullet proof solution
0
 
David Johnson, CD, MVPOwnerCommented:
It is one of the easiest to bypass. Another way is to encode the file and then send it byte by byte, which I was working on a finished piece of code when the asker closed the question.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now