I have a folder called "files" I have a .htaccess file in there which job is to determine if the file is going to be "downloaded" or just viewed (NOT EXECUTED (.txt, .php etc) But I want image files to be viewed, as they are... images! So they shouldn't be downloaded.
I tried with
Header set Content-Disposition attachment
Header set Content-Type application/octet-stream
But that give me an error
How do I set up this rules?
Download files.
Show images (if Images, of course, show .pdf documents etc).
View (DONT EXECUTE!) .php, .txt etc.
Is this a secure method, by the way?
First set download code for all then add code for specific file like image and PDF
<Files *.*>
ForceType applicaton/octet-stream
</Files>
<Files *.jpeg>
ForceType image/jpeg
</Files>
<Files *.jpg>
ForceType image/jpeg
</Files>
<Files *.pdf>
ForceType application/pdf
</Files>
Related
I'm trying to let my .htaccess file to force the download a specific *.zip file contained in the root of the website.
Basically, loading my page the user will download automatically my *.zip file without even seeing the Directory Listing.
Here's my .htaccess file:
### MAIN DEFAULTS
Options +ExecCGI -Indexes
DirectoryIndex file.zip
DefaultLanguage en-US
AddDefaultCharset UTF-8
ServerSignature Off
### FORCE FILE TO DOWNLOAD INSTEAD OF APPEAR IN BROWSER
AddType application/octet-stream .zip
AddType application/zip .zip
I can download the file, but the latter has no extension and it's called download.
How can I fix this?
Thanks
-RJ
Add this line to the end of your .htaccess file:
Header set Content-disposition "attachment; filename=file.zip;"
I know I can write a php script and save it with an image ext. by adding the following to my .htaccess
AddType application/x-httpd-php .gif
But what if I only want files in a certain directory to be treated as such? How would I do that? I'm thinking about making a a footer for my email account, I would like to gather some basic non-intrusive data with it. Would this even work (assuming the client doesn't have images turned off)?
<Files "/thisdirectory">
AddType application/x-httpd-php .gif
</Files>
See here for Apache 2.4 docs.
http://httpd.apache.org/docs/current/mod/core.html
Rightio...I am about to add an image upload to my site. After reading some security blogs I have added the following to my htaccess file.
ForceType application/octet-stream
<FilesMatch "(?i)\.jpe?g$">
ForceType image/jpeg
</FilesMatch>
<FilesMatch "(?i)\.gif$">
ForceType image/gif
</FilesMatch>
<FilesMatch "(?i)\.png$">
ForceType image/png
</FilesMatch>
When I browse to a PHP page it downloads the file.php instead of showing the page in the browser.
Any ideas would be much appreciated.
I am working on MAMP locally.
Many thanks
Lewis
When I browse to a PHP page it downloads the file.php instead of showing the page in the browser
That's because you have this line:
ForceType application/octet-stream
by itself, without any condition. That means, everything should have the mime-type application/octet-stream, which browsers see and understand as binary content that should be downloaded. Not sure how this is a security improvement as it makes it so your entire site can be downloaded and viewed as code, as opposed to any dynamically generated content.
You have to put that .htaccess code in a directory that only has image files. If you don't have your images in their own directory, create a directory for them and put them there (and update any links to them).
I have a folder with some sql files that I would like to be processed as PHP and I would like the output to be text/plain. I can force sql files to be processed by PHP like this:
<FilesMatch "\.sql$">
ForceType application/x-httpd-php
</FilesMatch>
Is there a way I can set the default content-type when these files are served to be text/plain? Or will I have to use the header thing in the files?
RewriteRule ^(.+\.sql)$ $1 [T=text/plain]
I want to send my RSS/Atom feeds with the correct Content-type header, can I do this without access to PHP or any other server-side language? The goal is for the browser to treat the file as a feed and not just a plain XML file.
You can tell the server to send that specific file with a specific media type.
Apache has the AddType and ForceType directive to do that:
# send all .atom files with application/atom+xml
AddType application/atom+xml .atom
# send only foo.bar as application/atom+xml
<FilesMatch ^foo\.bar$>
ForceType application/atom+xml
</FilesMatch>
You can use <Directory>, <DirectoryMatch>, <Files>, <FilesMatch>, <Location> and <LocationMatch> sections to restrict the directives only to specific directories, files or URL paths. But be aware of the context they are allowed in. Only <Files> and <FilesMatch> can be used in a .htaccess file.
If your RSS/ATOM feed has a specific extension, or is served from a specific dorectory, I suppose you could use Apache's AddType directive, so Apache would serve your RSS feeds with the right content-type :
The AddType directive maps the given
filename extensions onto the specified
content type. MIME-type is the MIME
type to use for filenames containing
extension.
Not tested, but I suppose something like this, either in your Apache's main configuration file, or in a .htaccess file, might do, for RSS feeds :
AddType application/rss+xml .rss
And, for ATOM, something like this, probably :
AddType application/atom+xml .atom