Protecting SWF Files - But still making them accessible

Fix it!!

Protecting SWF Files - But still making them accessible

Postby takuhii » Thu Nov 29, 2007 8:04 am

I have some files on a sub-domain name, and want to protect them from being directly accessed, but I still want the accessible by there referring files... i.e.

http://subdom.xxxxx.com/flash.swf - doesn't work
http://subdom.xxxxx.com/flash.html (which refers flash.swf) works!!

Is this possible, how do I do it?? I am a total newbie at this...
takuhii
 
Posts: 3
Joined: Mon Nov 19, 2007 1:57 am
Location: UK

Postby richardk » Thu Nov 29, 2007 3:20 pm

It can't be reliably done. The closest you can get is to check the Referer header (hotlink protection) which can be blank and faked
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^(http://(www\.)?example\.com(/.*)?)?$ [NC]
RewriteRule \.swf$ /? [R,L]

but it will still allow direct access (or it would block people with an empty Referer header).
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 14 guests

cron