I want to prevent people from getting the images of my website by typing in the URLs in browser address bar, while allowing them to view the images on when visiting the webpages.
I tried the following .htaccess code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg|png)$ - [F]
However, it not only restricts direct URL access, but also hides all of images even when visiting the webpage. Now my website looks like a page of text with a lot of image holes.
Can anyone tell me why the above .htaccess doesn't work?
I found it here (htaccess) How to prevent a file from DIRECT URL ACCESS?, but I don't have enough reputation to ask in that post, because I just created this account to post this question.
Thanks.
Returns 403 (Forbidden) if you access image directly, but allows them to be displayed on site. It works, but testing can be tricky/misleading. Read about it in questions/10236717/htaccess-how-to-prevent-a-file-from-direct-url-access
Another way to prevent hotlinking is like this (from: htaccess generators
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Related
I have a registration page from my website portal but I want to allow it to be loaded only if the previous domain was the PayPal domain (for example). That way I would garantee that even if a bot scanned my WordPress instance (which is not difficult), it could not register.
I know that mod_rewrite can prevent hotlinking, and allow specific domains to load that content.
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.com [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ https://example/404.jpg [NC,L]
But is it possible using a normal URL? That is, not a file, but a page?
You could use (assuming your registration link is, e.g. /wp-login.php?action=register)
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?paypal.com [NC]
RewriteCond %{QUERY_STRING} ^action=register$
RewriteRule ^wp-login.php index.php [NC,L]
..to redirect to index.php if someone tried to register without coming from paypal (headers can be spoofed, of course)
Yes, you can use the HTTP_REFERER for any URL. Add this to your .htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?paypal.com [NC]
RewriteCond %{REQUEST_URI} ^/your-registration-url$ [NC]
RewriteRule ^your-registration-url$ https://website.com/404 [R=301,L]
That would redirect anyone visiting your registration URL not having paypal.com as the referrer to a website.com/404 or whatever page you choose to redirect them to.
How can I prevent users from accessing .pdf file directly from url?
I've a page that contains several <a> with .pdf href.
And I want that if someone click on these links then it should be go to the relative path and open the document. but If someone trying to copy and paste link in other tab then document shouldn't be open.
Please help me.
Issue resolved.
Thanks for your precious time.
Here is my code that I'm using in my .htaccess file.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ http://example.com/ [NC]
Hope now you all understand that what I wanted to do.
I have site with Joomla on my local intranet. and I'm add code on .htaccess
Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://localhost:8081/.*$ [NC]
RewriteRule ^.* /403-page [L,R]
If I'm test with type address directlink on addressbar successfully redirect, and can't open anything for directlink, and url direct to :
http://localhost:8081/403-page
the problem is, if I want open with type http://localhost:8081/intranet for main page of intranet I cant open this, it will test with me unscript code then put again script for open the main page, and success to open main page, then i put again script for script only use. everything is OK with I want. open anything link from website, and cant open directlink with type link on addressbar.
##Options -Indexes
##RewriteEngine On
##RewriteCond %{HTTP_REFERER} !^http://localhost:8081/.*$ [NC]
##RewriteRule ^.* /403-page [L,R]
how to tricks and tips for this, I can open mainpage intranet only with type on addressbar:
http://localhost:8081/intranet/
and anything type directlink set cant to open...???
Add a condition to exclude requests for /intranet/:
Options -Indexes
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/intranet/?$
RewriteCond %{HTTP_REFERER} !^http://localhost:8081/.*$ [NC]
RewriteRule ^.* /403-page [L,R]
We only want users from a specific website to use our services. Is there a way to redirect all traffic that does not come from a specific referrer, to a website of our choosing, via htaccess?
Also, this is for the first page only. So if they get to our site, they're going to browse a new page, and their referrer for the new page would apparently be the site they are already on.
Thank you!
Try adding this in the htaccess file in your document root:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://the-ok-domain.com [NC]
RewriteRule ^/?first-page.html$ http://the-website-of-your-choosing.com/ [L,R]
You could also make it so you add your own domain to the referer check:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://the-ok-domain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://your-domain.com [NC]
RewriteRule ^ http://the-website-of-your-choosing.com/ [L,R]
Then you can include all of your pages in the check.
Note that referers can be easily forged and any htaccess file using mod_rewrite in any of your subdirectories will supercede these rules (unless those htaccess files have the RewriteOptions inheret option set)
Didn't work for me, I've made this small change to redirect traffic from google:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^(.*)\.google\.(.*) [NC]
RewriteRule ^(.*)$ https://www.my-site.it/$1 [L,R]
Is there a .htaccess script I can use to redirect the url of an image to an actual web page?
What can I do to make it so when someone accesses an image via their address bar by typing in: http://www.sitename.com/uploads/192-file-name-here.jpg
or other extensions like
http://www.sitename.com/uploads/235-file-name-here.png
It will instead redirect the user to the web page:
http://www.sitename.com/view/192-file-name-here/
I want to still be able to place the images in image tags across the site and on external sites though.
RewriteCond %{HTTP_REFERER} !^https?:\\www\.sitename\.com
RewriteCond %{REQUEST_URI} (.*)\.jpg$
RewriteRule images/(\d+)\.jpg http://www.sitename.com/view/$1.html [L,R=301]
RewriteCond %{HTTP_REFERER} ^$
Can this be modified/re-written to perform my function?
put this in your .htaccess, it will redirect all requests that are sent directly by user.Note: Other sites,as you mentioned can put your images in their pages.
RewriteCond %{REQUEST_URI} ^/uploads/(\d+)-(.+)\.(png|gif|jpe?g|bmp)$ [NC]
RewriteCond %{HTTP_REFERER} ^$
RewriteRule (.*) http://www.sitename.com/view/%1-%2/
Yes you can always redirect images to a webpage or anything using .htaccess.
But images/(\d+).*\.jpg may be better.