Restrict acces to index.html and no other files in http server

Question

I have a http server (e.g. http://www.web.com) running with lighttpd. The files composing this server are for instance:

index.html
files/img1.png
files/img2.png

If someone access http://www.web.com/files/img1.png, they can see that file. Is there a way I can block this type of access to my server? I want does files to only be accessible if the user is redirected from index.html or used in it.

score 0 · Answer 1 · answered Mar 29 '20 at 06:24

It sounds like you're trying to prevent hot-linking or deep-linking. A deterrent is to require that requests set a Referer header, though some browsers or proxies strip the Referer header.

$HTTP["url"] != "/index.html" {
    $HTTP["referer"] != "https://www.my-site.net/index.html" {
        url.access-deny = ( "" )
    }
}

This is only a deterrent. See also: Can I rely on Referer HTTP header?

Restrict acces to index.html and no other files in http server

1 Answers1