I have a blog with images. I do not want that the images are directly accessible through the URL (and also not for Googlebot and other bots)... for example... mysite.com/assets/images/img1... etc. So I thought to password protect the images directory with .htaccess. That worked, only front-end all my images became links, and I had to provide my credentials to make them show. How can I make my images show yet NOT make them directly accessible when typing the corresponding URL and the images URLs (or better yet the images directory) NOT accesible for bots to crawl/index?
Don't go with password protection. The right way to do it would be to filter the requests based on the referer URL. If the request originates from your own site then it's ok. Otherwise the request is trying to get an image directly.
I've found this site with detailed instructions on how to do that: http://altlab.com/htaccess_tutorial.html
Taken from the mentioned site:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://url_to_default_image.gif [L]
Note that you would have to enable mod_rewrite in your Apache server.
Btw, just asking. Why don't just let people get the image directly if they want to?
Related
I'm currently maintaining a website. Our site has a resource which is a .pdf files and a .docx files. Those resources are meant for the internal staff. But recently I found that by searching on google, our resources can be accessed from google.
There's a solution by adding no-index meta tag on the html so that the resources cannot be indexed by google, but I want another layer of protection. I found a solution but I forget where did I get it from. And I have a code like this:
RewriteCond %{REQUEST_FILENAME} ^.*(pdf|doc|docx)$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?eoffice-bkad.kotabogor\.go.id/ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?view.officeapps.live\.com/ [NC]
RewriteRule . - [R=403,L]
That code works, and it return 403 page when accessed if the http referrer is not from the first url.
But that code is also giving another problem, the code also blocked <iframe> tag inside the html
I'm using Microsoft Office Live preview so that the user can preview the file that they uploaded.
How can I solve this?
Any solutions would gladly be welcomed.
Thank you.
I am trying to write a .htaccess file for my website, which will prevent access to pages and images via direct URL input, but localhost requests will be granted. So far I've found this code after some googling:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com.*$ [NC]
RewriteRule \.(php|css|js|jpg)$ - [F]
The problem is my website images are protected all right, but when I want to access the index.php from a parent directory (the htaccess is in my subdirectory, not the parent), I am shown a 403 Forbidden error.
Now I am not really clear as to what these lines mean, or how to tweak them, so I can't tell right from wrong. Can someone help me out and tell what this actually does? Thanks!
Either your assets are accessible or they're not. You cannot serve assets to the public without serving them publicly. You probably think "from localhost" means if someone is "on your website" already; that's a wrong understanding of how the web works. Every asset is requested from the server via a URL, all requests come from clients. Requests do not come from "your local website".
If endusers must be able to see your assets, they must be able to access them via a URL, which means they'll also be able to see them when "inputting the URL directly". There's no technical difference there.
I have player.php file which calls the video player to play a certain video. How can i block certain sites from accessing this file and using it to embed videos on there site. In other words What code can i use inside player.php to block certain sites from accessing this file only.
You can do this on three levels.
1) Web server
For instance, using .htaccess file if you're on an Apache server.
This could be done with a rewrite that pushes them to some dummy file or 404 or whatever you like. For example:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC]
RewriteRule .* - [F]
This is really the ideal way because it precludes the need to interpret PHP.
2) PHP
In your page, use the $_SERVER['HTTP_REFERER'] (which may not be set if there is no referrer) and search for the domain in question in the string.
This is second best, and may be your only option if you can't alter the Apache configuration.
3) Javascript
Doesn't really prevent access to anything, because the check happens client-side (they've downloaded player.php and the Javascript itself prior to running it). If they went directly to the video or whatever, it wouldn't stop them from getting the file. You would use the document.referrer and search for the domain as with the PHP example.
If you are using Apache and have access to your .htaccess file, I suggest you use that instead. This page is an excellent resource.
You could try something like this, assuming player.php is in your web root:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^player\.php.*
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain\.com/ [NC]
RewriteRule .* http://your-domain.com/please-dont-steal\.php[NC]
You're better off dealing with this issue server side, so PHP is a good bet. You'll need to examine the HTTP referrer header to see whether you're being hotlinked.
there are lots of tricks you can do with Apache mod-rewrite and/or .htaccess
Is it possible to redirect a user to a php page and then redirect to different image, if the user is requesting for the image ?
For example if user requests for the image or if other website requests for the image, it should be redirected to the php page and then redirected to a different image.
Like if other website requests for http://example.com/images/a.gif, the website will get a different image i.e. http://example.com/images/b.gif.
Is it possible? Let me know if I am not clear with my problem.
Thanks.
Looks like a use case for mod rewrite
with something like:
RewriteRule /images/(.*).gif$ images.php?img=$1
Do you mean you want to redirect to a different image, if the request comes from outside your site? Then you need apache's mod_rewrite, and rules something like this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://your\.site\.com/ [NC]
RewriteRule a.gif b.gif [L,R]
It means: if the referer is not a part of your site, rewrite every request to a.gif to b.gif.
The RewriteRule specified above would be best, if you're using Apache. You could do it either via the server's config files or through a .htaccess rule if your server supports it. For more info, look to Apache's modrewrite page (for version 2.2): http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
If you're using IIS or another web server, they all allow similar redirects, they just have different ways of implementing them.
When I open my site without "www", like http://mysite.com/, then there is a problem with my website hit counter on the home page, which is done through AJAX.
The problem is that counter Image is not getting displayed.
It is showing blank.
There are similar problem on other pages where I have used AJAX to retrieve data.
To the cross-domain security policy, "mysite.com" and "www.mysite.com" are different domains, therefore AJAX requests aren't allowed between them.
The simplest solution is to take the domain out of your AJAX call and use a relative url, for example "/dir/ajax-callback.php" instead of "http://www.mysite.com/dir/ajax-callback.php"
You can create .htaccess file in your root dir and put this text inside
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite.com [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301]
This will make sure that every time user enters http://mysite.com, it gets redirected to http://www.mysite.com
The server has to support .htaccess and mod_rewrite