Solved

The best way to restrict access to file using Referrer (iis)

Posted on 2012-03-29
5
1,947 Views
Last Modified: 2012-03-30
Hello.

I have lot of media on my server (video and images).
I want to block the access to the files directly and allow to view the files when there are embed in my  webpage. (for example: www.example.com)

What is the best way to do it?

I am using IIS7.

If it is not possible in IIS7, I would like to hear ideas, how to do it in APACHE. (I can move to apache)
0
Comment
Question by:Aminadav
  • 2
  • 2
5 Comments
 

Accepted Solution

by:
Aminadav earned 0 total points
ID: 37785257
I don't like this website always need to search for answers alone.

To do it,
go to IIS7,  URL Rewrite module.
Create new rule from template, request blocking.
Change it to header "referrer", and doent match text:
"*.example.com/*"
0
 

Author Closing Comment

by:Aminadav
ID: 37785260
I found it alone.
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 37785335
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37785967
hope you're aware that the Referer check is no bullet proof solution
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 37786022
It is one of the easiest to bypass. Another way is to encode the file and then send it byte by byte, which I was working on a finished piece of code when the asker closed the question.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Compromised PC? 17 219
IIS Server infected with Ransomware - Postmortem investigation 12 197
Best motion capture software for windows 7 5 107
Network Security Solution 7 45
Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question