0

I have an online photo archive. My webpage is password protected but I have not yet protected the photo folder to stop people direct linking the photos by URL. All the photos are uniquely named so it is a little hard to guess... but if somebody wanted to guess, they can - and I don't want them to.

How can I stop them from doing this? Is there a way to show a custom webpage if they do try this, that says "Oi, don't steal!" or similar?

I have a Windows dedicated server with administrator access via remote desktop. The only thing that should enter that folder is a script, nothing else.

Many thanks

TheCarver
  • Why not also password protect the photo folder? – Greg Hewgill Sep 19 '11 at 20:42
  • I don't know how you might do it with your server configuration, but you said "not yet protected the photo folder" which I thought might imply that you knew how but hadn't done so yet. – Greg Hewgill Sep 20 '11 at 03:07
  • If I knew how, there would be no question :) – TheCarver Sep 20 '11 at 18:03
  • How did you password-protect your webpage? Can you password-protect your photo folder in the same way? (I'm afraid I'm not familiar with exactly how you can tell Windows HTTP servers how to do password protection.) – Greg Hewgill Sep 20 '11 at 18:13
  • Using ASP, if username and password is successful you get access to my page but when you're inside, you can direct link the photos folder – TheCarver Sep 20 '11 at 18:16
  • Oh, you're using non-HTTP authentication. Perhaps you could consider using HTTP-based authentication, which would allow you to protect both the webpage and the photo folder with the same password. – Greg Hewgill Sep 20 '11 at 19:01

2 Answers

0

Do you mean to say you have enabled basic authentication on the folder containing the images? If that is the case no user should be able to guess, or browse the directory contents without putting in username and password first, otherwise they will get a 401 unauthorized error.

Homan
0

You can check the referrer. It can be easily defeated but most people likely won't care enough to do so. Here is some more detail about that: http://davidwalsh.name/prevent-image-hotlinking

For password protecting a portion of your website you can also use .htaccess files - http://weavervsworld.com/docs/other/passprotect.html

I don't know how to do either of these in IIS, apologies.

Collin
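
One way to make a script the only route to the photos, as the question asks: keep the photo folder outside the web root and serve each file through a classic ASP page that checks the login session first. This is an added example, not code from the thread; the page name `photo.asp`, the `f` query parameter, the `Session("LoggedIn")` flag set by the login page, and the `D:\private\photos\` path are all assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' photo.asp (hypothetical name): the only way to reach the photos.
' Assumptions: the existing login page sets Session("LoggedIn") = True,
' and the photos are .jpg files in PHOTO_DIR, a folder that IIS does not
' publish (it sits outside the web root), so no URL maps to it directly.
Const PHOTO_DIR = "D:\private\photos\"   ' hypothetical path

Dim fileName, re, fso, path, stream

' 1. Same session check as the protected page: no login, no photo.
If Session("LoggedIn") <> True Then
    Response.Status = "403 Forbidden"
    Response.Write "Oi, don't steal!"
    Response.End
End If

' 2. Accept only a bare file name. Anything containing "\", "/" or ".."
'    fails the pattern, so the request cannot step out of PHOTO_DIR.
fileName = Request.QueryString("f")
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9_-]+\.jpg$"
re.IgnoreCase = True
If Not re.Test(fileName) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' 3. Return 404 for names that do not exist.
path = PHOTO_DIR & fileName
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(path) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' 4. Stream the file to the authenticated user.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = 1                  ' 1 = adTypeBinary
stream.Open
stream.LoadFromFile path
Response.ContentType = "image/jpeg"
Response.CacheControl = "private"  ' keep shared proxies from caching it
Response.BinaryWrite stream.Read
stream.Close
%>
```

Pages would then reference images as `photo.asp?f=some-name.jpg` instead of linking into the folder. Unlike the referrer check, the decision rests on server-side session state rather than on a header the client supplies.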