Denying directory listing and htaccess question

meet_raman · #1 27-Jun-2004, 10:16

hey guys!

i have jus two questions... which i think shud prove to be simple for most of u..

1> how do i deny directory listing in my server? one way would be to upload a dummy html page saying "directory listing denied" ... whats the other way??

2> i created a .HTACCESS file to stop leeching from my site by setting referer to my site. but the problem is that the users are finding it difficult to download...

they say the download manager is not working (which is working in MY CASE)..
they say left-clicking does not work (which works in MY CASE)
they say 'save target as' doesnt work.. which actually doesnt work in ANY CASE!! lol

now the question:
how do i make downloading file easier for the users... is it possible to use 'save target as' and still prevent leeching??

plz answer!

thx in advance

meet_raman · #2 27-Jun-2004, 10:19

forgot to mention... this is my current .htaccess file

-----------

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.MY-SITE.com/SOME-PAGE.htm [NC]
RewriteCond %{HTTP_REFERER} !^http://MY-SITE.com/SOME-PAGE.htm [NC]
RewriteRule .*\.([zip|mp3|exe]+)$ - [NC,F]

------------

JdS · #3 28-Jun-2004, 09:39

I think you can simply add the following line to your .htaccess file in the directory you want to 'hide':
Code:
```
Options -Indexes
```
For more details, refer to: http://httpd.apache.org/docs/mod/core.html#options
I never tried doing this off my own sites so my information may not be accurate and I am just guessing from what little I understand about the module (mod-rewrite). The possible reason why your 'rules' seem to fail for those people trying to get it donwloaded (the way you've described it in your post above) is cause the 'rules' you've set are testing to see that each request is accompanied by a referring page. Since it is unlikely someone requesting to download a picture/file this way will submit a http_referer value, you must include it in your mod-rewrite condition. Maybe something like:
Code:
```
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.+
RewriteCond %{HTTP_REFERER} !^http://www.MY-SITE.com/SOME-PAGE.htm [NC]
RewriteCond %{HTTP_REFERER} !^http://MY-SITE.com/SOME-PAGE.htm [NC]
RewriteRule .*\.([zip|mp3|exe]+)$ - [F]
```

BTW, where did you find that last rewrite rule? It looks funky (weird)...

meet_raman · #4 29-Jun-2004, 12:26

lol... i dont know 1 single letter of htaccess... jus copid the file from somewhere else ! haha

thx JDS for the reply...

btw the line u added

Code:

RewriteCond %{HTTP_REFERER}  ^.+

will it stop leeching?

i mean i have mp3s on my server too... if someone else on some other site, uses a 'save target as' on my links... will this stop him from doing so?

if not, the whole purpose is defeated

JdS · #5 29-Jun-2004, 17:28

It depends on what you mean by LEECHING. What I usually understand from the term is that it means that some webmaster has used (linked an image from your server) on his web page.

So that line that I inserted simply means that if the referring page is set and it's not something that you specifically allowed (i.e. your rewrite conditions no. 2 & 3) then the image is NOT loaded.

When someone goes to your web page and decides to save an image off your web page, by right-clicking and then 'copying' the image file onto their hard disk, then the first condition I inserted will return FALSE and the image is loaded for them. If you consider this action as LEECHING too then obviously you are asking for something that's virtually impossible to do without some server-side scripting and allowing downloads from registered users / members only type of thing.

But remember that if an image is displayed on a web page, it's there for anyone to download, copy or whatever.

meet_raman · #6 30-Jun-2004, 02:36

thx again jds

its okay if they take the file from my page, no problems there...
infact ANYTHING they do after coming to my page is acceptable...

The only things i want to stop are that

> an image should not be loaded on other sites when its hotlinked from my site.

> they should not be able to save a file from my site, till the time they ACTUALLY come to my site.

---
my previous htaccess file denied 'save target as' and gave a message 'forbidden' when someone else tried to save a file from some other server.

in that case, 'save target' was disabled even on my server! thats why i resolved to posting the query here...

plz plz plz try to help jds, u seem to be the only hope for me!!

thx again

JdS · #7 30-Jun-2004, 05:09

meet,

I am really confused about your description of "save target as". Please elaborate what one does to "save target as". The version that I know is the one a regular surfer would do on your web page using his/her browser.

BTW, did you actually try adding the rewrite condition I suggested above?

meet_raman · #8 30-Jun-2004, 07:38

lol... ok then lemme give u a detailed description of what i need and whats happening...

the thing is that i have certain MP3 files on my site.
some people come to my site, copy the links of those MP3s and post them onto their site as their own work!

they just give the link on their site and ask their users to:
"right click the link and use save target as option in the menu that pops up"

the option save target as obviously sends a request to MY server and the person who is copying my links is enjoying at the cost of MY bandwidth!

the htaccess file that i was using (the one i posted first of all) denied 'save target as' altogether and the user HAD to LEFT-click on the links to download the file.
and if the user was not from my page (told by the referer address) then the message popped up : FORBIDDEN

now the problem was that some people had configured their browser to 'play' the mp3 files in the browser itself.... so even if they were visiting the link from my site, there wasnt any option to save the files for them

these people forced me to remove the htaccess file i had, and it again opened the doors to leechers

i hope u get the problem now.

so is there a convenient way to let the users, who ACTUALLY come to my site, download the files without hassles?
and can i make sure that if a person copies my links and pastes them onto his site, the links wont work till the time the person actually visits the original page?

if u still dont get the prob i will give an even more detailed description!! 8-)

PS: i did try that rewrite condition but it allows for copying the link and pasting in a new browser window (which is the easiest way to eliminate the 'referer' )

JdS · #9 01-Jul-2004, 04:12

Oh yes, I get it now... that's the GOOD news. The BAD news is that I can't think of anything smart to counter that right now.

Maybe after I had a few days to think about it?

But already I think that the only way you can counter that is to store the files above your web root and use a script to deliver the file (so you can include many tests before allowing the loading up of the file).

meet_raman · #10 01-Jul-2004, 08:51

Quote:

Originally Posted by JdS

Oh yes, I get it now... that's the GOOD news. The BAD news is that I can't think of anything smart to counter that right now.

Maybe after I had a few days to think about it?

But already I think that the only way you can counter that is to store the files above your web root and use a script to deliver the file (so you can include many tests before allowing the loading up of the file).

"using a script" would mean knowing PHP scripting or something similar....

unfortunately i dont know a single word of it too! (plz dont ask how the hell i am running a site! lol)

could u suggest me some site that can help make my script or better still has some readymade scripts which i can use with little/no changes??

u've been supportive all thru... thx

this (i guess) is my last post bothering u!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread: