How  to prevent  remote access to a  website folder?

dory550
dory550 used Ask the Experts™
on
Hi Guys
I am running an eCommerce website using Microsoft  platform
My website is hosted on a  VPS  ( Plesk )
i am using  Classic Asp
I lam looking to  prevent  remote access to a  website folder  ( My  Image folder)
What are my alternatives?
Any help is appreciated
Thanks
Dory
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
ZeropointNRGHedge Fund Manager

Commented:
Add this to the top level of your config file.

<configuration>
    <system.webServer>   
         <security>
          <requestFiltering>
            <hiddenSegments>
              <add segment="images" />
            </hiddenSegments>
          </requestFiltering>
        </security>
    </system.webServer>
</configuration>

Open in new window


site.com/images/img.png will be blocked.
Hi,

You can create a .htaccess file in the /images directory and place the following code in it,
deny from all

Open in new window


Or you can use password protection from Plesk:
https://docs.plesk.com/en-US/onyx/customer-guide/websites-and-domains/restricting-access-to-content.65152/
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You have 2x choices.

1) Block all access to the images folder, which will result in no one having access.

Likely not what you're after, as this means any visitors will get 404 errors for all images, so visitors will see the broken image link icon, rather than the actual image.

2) Block hotlinking, which is when someone links to your images from an external site, only these requests are blocked.

This allows visitors to your site to see all images + hotlinking to be blocked.

Note: Mention which of these you're trying to accomplish.
Fractional CTO
Distinguished Expert 2018
Commented:
https://stackoverflow.com/questions/21100797/iis-prevent-image-hotlinking-both-http-and-https provides details about blocking hotlinking in IIS, if this is what you really mean by this question.
You can use an online tool like this to generate the .htaccess code
http://www.htaccesstools.com/hotlink-protection/
Scott FellDeveloper & EE Moderator
Fellow 2018
Most Valuable Expert 2013

Commented:
I have a feeling David's second option is what you are after - preventing hotlinking.

Yes, it is annoying when this happens. But preventing hot linking can help but I think you will find it is not common.  You can have a watermark added to your images automatically or as one off. You can install https://imagemagick.org for instance and have all your images in one folder get updated with some type of semitransparent watermark with your domain name.  

That method is the easiest for the user which ends having an effect on your seo. Sometimes people do share images for a good reason.

You could time code your images folder.  In other words change the images folder to something like a hash of the current date, hour and salt.  
<%
salt="abc123"
img_folder = md5(date(now)&hour(now)&salt)
%>
<img src="/<%=img_folder%>/pic1.jpg">

Open in new window

That means you would have to run a scheduled task every hour that changes the folder name.  Once a day vs every hour may be easier and less likely to run into issues

No matter what method you use, somebody could still download the image or use a program like httrack to scrape everything.

In the end, watermarking is going to be the best option.

Author

Commented:
David
Thanks for your help
Dory

Author

Commented:
Thanks for your help
Dory
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You're welcome!

Good luck!
David FavorFractional CTO
Distinguished Expert 2018

Commented:
@Scott, I like your idea of watermarking also.

I like the idea of having hotlinked images show up with some useful or annoying watermark... on other sites...

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial