Xepher.Net Forums

Xepher.net => Technical Support => Topic started by: crescens on July 30, 2008, 04:19:07 AM

Title: Preventing access to certain folders
Post by: crescens on July 30, 2008, 04:19:07 AM
I store all the buffer for my webcomic in a folder that's very easy to get into, with a very easy to figure out numbering system. I think that most webcomic scripts automatically encode the name for you, but my script doesn't...

So my problem is that lots of people are reading my webcomic directly from my cache, which I don't really like.  Is there a way to prevent people from accessing the images in any way other than from the site? 

Thanks in advance.
Title: Re: Preventing access to certain folders
Post by: Xepher on July 30, 2008, 04:35:04 AM
Well, it's trivial to prevent people from getting a LISTING of files in a directory. Easiest thing is just make a blank index.html file in it. But that doesn't fix things if the filenames are easy to guess. In that case, what you'll want to do is one of two things.

1. If you're mostly worried about people reading your images from other sites, you can set up mod_rewrite rules that will block any requests for files in that folder that weren't referred by a particular page/section of your site. That'll block people from just typing them in, or from linking to them from another site, but the referrer can be spoofed by people who know a bit about what they're doing. See http://xepher.net/forum/index.php?topic=475.0 for a discussion of that. It's a bit technical, but near the end of the thread should be some working examples you can tweak for your situation.

2. If you're worried about people reading the comic files in advance, and/or worried about technically adept people getting around the 1st solution, then you can modify your script to make the file permissions unreadable until after a certain date/time. That's gonna take a bit of programming though, and by that point, you may want to modify it to mask the filenames anyway.
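Option 2 from the reply above, as an added example that is not part of the original thread or any Xepher.net script: a job run from cron keeps each buffer image unreadable until its release time, and filenames are derived from a secret so they cannot be guessed from the page number. The names `masked_name` and `apply_schedule`, the schedule dictionary, and the assumption that the web server reads files through the "other" permission bits are all hypothetical.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from datetime import datetime, timezone

# Assumption: the web server reads files via the "other" permission bits,
# and this script runs as the account that owns the images.
HIDDEN = stat.S_IRUSR | stat.S_IWUSR            # 0o600, owner only
PUBLIC = HIDDEN | stat.S_IRGRP | stat.S_IROTH   # 0o644, world readable


def masked_name(secret: bytes, page: int, ext: str = ".png") -> str:
    """Derive a filename that cannot be guessed from the page number."""
    digest = hmac.new(secret, str(page).encode(), hashlib.sha256).hexdigest()
    return digest[:16] + ext


def apply_schedule(folder: str, schedule: dict, now: datetime) -> dict:
    """chmod each file in schedule (filename -> aware release datetime).

    Returns {filename: mode applied}; entries not on disk are skipped.
    """
    applied = {}
    for name, release_at in schedule.items():
        path = os.path.join(folder, name)
        if os.path.basename(name) != name or not os.path.isfile(path):
            continue  # ignore path tricks and pages not uploaded yet
        mode = PUBLIC if now >= release_at else HIDDEN
        os.chmod(path, mode)
        applied[name] = mode
    return applied


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # placeholder; keep the real one private
    with tempfile.TemporaryDirectory() as folder:
        names = {page: masked_name(secret, page) for page in (200, 201)}
        for name in names.values():
            open(os.path.join(folder, name), "wb").close()
        schedule = {  # constructed sample release dates
            names[200]: datetime(2008, 7, 28, tzinfo=timezone.utc),
            names[201]: datetime(2008, 8, 4, tzinfo=timezone.utc),
        }
        now = datetime(2008, 7, 30, tzinfo=timezone.utc)
        for name, mode in apply_schedule(folder, schedule, now).items():
            print(name, oct(mode))
```

The comic script has to compute the same `masked_name` when it builds image URLs, so the secret must live outside the web root.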
Title: Re: Preventing access to certain folders
Post by: crescens on July 30, 2008, 05:57:49 PM
Yeah, I've already placed a blank index file in the directory to prevent anyone from getting into it, but... yeah, my numbering system is reeeaaally easy to guess because I thought that I'd start getting confused if I started to try and make up a coding system for it. I think that that's what I have to do though, as I've just realized that in some areas, I hotlink to the page itself, so setting up the mod_rewrite rules would be very inconvenient for me. :/

I kinda wish my script would do it, but considering that I have around 200 pages of archives, I really don't feel like switching to another script now...  I guess it's one of the things I should've taken into consideration before I set it up.
Title: Re: Preventing access to certain folders
Post by: Xepher on July 30, 2008, 09:28:55 PM
Well, you can set mod_rewrite just to work from your site, in general. You don't have to give specific pages that are valid or anything. If, however, you mean "hotlink" as in you also link directly to images from other sites/forums/etc., then yeah, it could be a real pain. Without switching (or at least modifying) scripts, I'm not really sure what else you could do. There's just no way to distinguish between your legitimate hotlink, and someone else's that you wish to block... not without more scripting.