Forum

Hiawatha version: 7.3
Operating System: CentOS 5.5


Hi folks,

I am just playing around to prevent direct access to the external style sheet style.css. I tried a UrlToolkit as follows:

UrlToolkit {
  ToolkitID = prevent_style
  Match ^/style.css DenyAccess
}

and used this toolkit in my virtual host. It worked pretty well, but unfortunately, all (!) access was prevented, so my website looked a little bit funny.

Maybe I am thinking completely wrong, but is there any good trick, to prevent direct access to the style.css file only if it is entered in the browser's url (like: http://my-domain/style.css) ??

Many tx.

Cheers

Kai

The reaons for the blocking of your entire website can't be the UrlToolkit rule. So there must be something else. But I can't tell you from here what it might be...

... Ah, sorry for the confusion
after having the toolkit setting in place, all access to the file style.css was blocked, but the html pages were shown, but obviously not in the correct format.
My understanding of the toolkit entry was, that access to the file style.css is blocked, once it is directly entered in the url, but not if it is used by an html page to format the display.
But as i wrote, no access to this file was possible at all, but the website was correctly displayed.

Hope this helps a little bit ...

Many tx.

Cheers

Kai

From a server's point of view, there is not difference between a file being requested directly by entering its URL in the browser or a file being requested by a browser because it was included in a page. So, what you want can't be done.

But why would you want to block access to a CSS file anywhere? What's the security risk of exposing such file?