Hi uzzikie,

the answer is in your question :). You could write a CGI script that takes two parameters as input: the resource to get (e.g. sample.jpg) and a passcode of some sort (e.g. abcdefg). Your passcode could for example be based on the date, based on the user session (identified by a cookie sent earlier), on the number of camels that fit through the eye of a needle on any given day etc. The idea is that you only get the passcode if you access the image through a link somewhere else on your website. This requires that the rest of your website is somewhat dynamic, as it needs to generate (correct) passcodes on the fly.

To actually protect your resources from direct access, you have to intercept the URL's and rewrite them to use your CGI script. If you are using Apache, you can do this with its URL rewriting engine. You'd have to rewrite http://a.com/camel.jpg?42 to http://a.com/cgi-bin/camel_keeper.cgi?camel.jpg&42 or something like that. camel_keeper.cgi is the cgi script described above. For more information on Apache and URL rewriting, visit the Apache documentation site.

So, to summarise, you need to:

* come up with a system to generate non-trivial passcodes

* Rewrite your site in a dynamic fashion so it generates those passcodes in it's links to internal resources

* Write a script that checks the passcode on resource access

* Put in a URL rewriting rule to make sure all resource requests pass through your script

CU
Robartes-