I want to protect my JS files using absolute path of the URL.
Please help me.
+5
A:
Cannot be done.
You can try to hide your JavaScript and CSS in obfuscated files, but since the user's browser needs to have it in order to display your page, the resourceful user can always distill it back from there.
Update: The comments complain that I lifted this answer verbatim from a forum site. I would like to contend that it was the other way around. Check the time stamps and user names.
Thilo
2009-06-18 06:29:12
Demi
2009-06-18 06:42:47
@Demi, both question and answer, but the answer missed the smiley.
Gamecat
2009-06-18 07:00:09
WOW! I swear I posted it here first, and then it was copied to that forum.
Thilo
2009-06-18 07:04:45
One might suspect that "Niladri_Biswas" and "nbiswas_123" are related in some way...
Hasturkun
2009-06-18 07:11:21
Repeat offender?, http://stackoverflow.com/questions/999377/linq-to-sql-date-format-problem and http://www.codeproject.com/Messages/3082502/Re-Linq-to-sql-date-format-problem.aspx
Hasturkun
2009-06-18 07:16:18
Thanks for the heads up; we'll look into it.
Marc Gravell
2009-06-18 08:09:23
+1
A:
You can try to do this with Apache mod_rewrite:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.xyzxyz123.com/.*$ [NC]
RewriteCond %{REQUEST_URI} !^/bad.js$ [NC]
RewriteRule .*\.(js|css)$ /bad.js [NC,R]
This basically just looks for the referer, and if it's empty, or not populated with your website (which the browser should pass in the Referer: header) then it will return the /bad.js instead. Just create a /bad.js which is empty, or contains junk code, etc.
A knowledgeable person could always figure out how to tamper with their headers to pass the Referer header, so I wouldn't consider this a catch-all.
Hope this helps.
Russell242
2009-06-18 07:13:22