Hotlinking / Leaching

[1DMF]

Hi,

Is there any way of stopping people connecting/running files on a website.

I have PHP and ASP scripts I use for certain processes/apps on my site that I only want 'My Site' to be able to run.

Is there a way of doing this?

Thanks,
1DMF

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!

 

[lhuegele]

I think you would be better off posting in the PHP or ASP forums.

 

[1DMF]

I have and found a few mthods, though none 100%

one way is to use a session cookie created via the previous page, so then the current page checks for the cookie before doing any processing.

wors fine of cookes are enabled.


another suggestion was to check 'HTTP_REFERER@ system variable, but seings as that is empty 90% of the time that method is pretty much useless.

I know on unix / apche there is .htaccess and mod-rewrite

and i've seen a few extensions for IIS (ISAPI Filters), to do the same job, but the ones i've seen have a fee attached.

I'm sure I saw something about IIS7 having more security and functionality along these lines, do you know if this is true?

Should I get the bosses to upgrade our webserver to IIS7 ? is that an option?



"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!