I have a player.php file which calls the video player to play a certain video. How can I block certain sites from accessing this file and using it to embed videos on their site? In other words, what code can I use inside player.php to block certain sites from accessing this file only?
You can do this on three levels.
1) Web server
For instance, using .htaccess file if you're on an Apache server.
This could be done with a rewrite that pushes them to some dummy file or 404 or whatever you like. For example:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC]
RewriteRule .* - [F]
This is really the ideal way because it precludes the need to interpret PHP.
2) PHP
In your page, use the $_SERVER['HTTP_REFERER'] (which may not be set if there is no referrer) and search for the domain in question in the string.
This is second best, and may be your only option if you can't alter the Apache configuration.
3) Javascript
Doesn't really prevent access to anything, because the check happens client-side (they've downloaded player.php and the Javascript itself prior to running it). If they went directly to the video or whatever, it wouldn't stop them from getting the file. You would use the document.referrer and search for the domain as with the PHP example.
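The PHP check from option 2, written out as an added example that is not part of the original answer. It compares the parsed referrer host rather than searching the whole string, so look-alike hosts and query strings that merely contain the domain do not match. The Referer header is supplied by the client and can be absent or forged, so this deters embedding rather than controlling access. The blocklist entry and the 403 message are placeholders.

```php
<?php
// Added example, not code from the original answers.
// Placeholder blocklist (assumption): replace with the domains you want to refuse.
const BLOCKED_HOSTS = ['badsite.com'];

// True when the Referer's host is a blocked domain or one of its subdomains.
// A missing or unparsable Referer is not treated as blocked.
function referer_is_blocked(?string $referer, array $blockedHosts): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    $host = rtrim(strtolower($host), '.');
    foreach ($blockedHosts as $blocked) {
        $suffix = '.' . strtolower($blocked);
        // Compare whole host labels so "notbadsite.com" and
        // "badsite.com.example.org" do not match "badsite.com".
        if ($host === strtolower($blocked) || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample referrers, for trying the function from the command line.
    $samples = [
        'http://badsite.com/watch?v=1',
        'https://cdn.BadSite.com/embed',
        'http://notbadsite.com/',
        'http://badsite.com.example.org/',
        'http://your-domain.com/?from=badsite.com',
        '',
    ];
    foreach ($samples as $s) {
        printf("%-45s %s\n", $s === '' ? '(no referrer)' : $s,
            referer_is_blocked($s, BLOCKED_HOSTS) ? 'blocked' : 'allowed');
    }
} elseif (referer_is_blocked($_SERVER['HTTP_REFERER'] ?? null, BLOCKED_HOSTS)) {
    // At the top of player.php: refuse before any player markup is sent.
    http_response_code(403);
    exit('Embedding from this site is not allowed.');
}
```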
If you are using Apache and have access to your .htaccess file, I suggest you use that instead. This page is an excellent resource.
You could try something like this, assuming player.php is in your web root:
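RewriteEngine On
# Only act on requests for player.php itself
RewriteCond %{REQUEST_URI} ^/player\.php
# Let requests with an empty referrer through
RewriteCond %{HTTP_REFERER} !^$
# Let requests referred from your own site through
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain\.com/ [NC]
RewriteRule .* http://your-domain.com/please-dont-steal.php [NC]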
You're better off dealing with this issue server side, so PHP is a good bet. You'll need to examine the HTTP referrer header to see whether you're being hotlinked.
There are lots of tricks you can do with Apache mod_rewrite and/or .htaccess.
I'm trying to use mod_rewrite to deny direct access to files on my web server, e.g. http://domain.tld/reports/imareport.pdf or http://domain.tld/img/img1.png, and I've used the answer on this question:
(htaccess) How to prevent a file from DIRECT URL ACCESS?
That page suggests using mod_rewrite like this:
RewriteEngine on
RewriteRule \.(png|pdf|htm)$ - [F]
Using mod_rewrite in this manner works fine for denying access to PDFs, but other files that are ordinarily included in a page such as images and css are not only blocked from direct access, but also blocked when used on a webpage in a normal <img> tag or whatever. This is contrary to the question and answer mentioned above.
So... my question is... is there a way to block direct access to files but still allow them in webpages?
Thanks Mark Phillips, I didn't fully appreciate what these two rewrite conditions were doing for me:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
So I had managed to mess them up. Things worked as needed when I used the code just as it was.
I am trying to figure out how best to block requests from a certain domain.
I have found that there is a site that is scraping data using PHP.
I believe (based on my tests and looking at logs) that they are doing this with every request instead of using a cron job.
I don't know enough about PHP to know if I am going down the right path or not. But I have the URL of the PHP page (I will just block the entire domain).
My website is built on Rails.
The best way is to block the user when he hits your server. If you are running Apache, you can add this to your .htaccess file:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC]
RewriteRule .* - [F]
I currently run a site with 750 pages of .html webpages (yeah I know it was a stupid idea, but I'm a novice). I'm looking to move these to php. I don't really want to set up 750 individual 301 redirects and rewrite each page to .php
I've heard that I can use htaccess to do this. Anyone know how?
A few additional questions -
Can I permanently redirect these links from html to php without losing my search engine rankings and
if I want to add php to each of the files (i.e. a php file menu (using the include command) to make the links quicker to update will this work? Because won't they still be html files?
Sorry for the stupid questions, but I'm still learning.
Congratulations on a 750 page site - you must have put some work into that.
To collect your current list of pages, use a tool called Xenu to create an export into Excel. You can then easily change the names of the files to PHP in column B and create a .htaccess file.
However, why would you want 750 PHP files? If you have lots of data pages, make it one page and suck in the HTML main content and reference one page. If you have a page called warehouse-depot-22-row-44.html then change that to show-warehouse-row.php?depot=22&row=44 and return that content only. This will significantly reduce your number of pages and let you start using databases to render the content.
For redirecting you could use the Apache Module mod_rewrite: https://httpd.apache.org/docs/current/mod/mod_rewrite.html
You can use URL rewriting to match a specific file name request with a regular expression and then decide where to redirect if matched:
RewriteRule ^myname/?$ myname.php [NC,L]
http://www.addedbytes.com/articles/for-beginners/url-rewriting-for-beginners/
Depends on the structure you have.
You want the user to access them in their natural location?
/public_html/folder1/file.php
user would access like
mydomain.com/folder1/file
or you want to map them differently?
Personally I think I would use a rewrite rule to map all requests to my /public_html/index.php and would map the requests from there using php (using include for instance). This gives great flexibility, plus you have a single point of entry for your application which is very beneficial since you can easily maintain control of the application flow.
The .htaccess would look like this
#
# Redirect all to index.php
#
RewriteEngine On
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# RewriteCond %{REQUEST_URI} !^/index\.php
# RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?))$ [NC]
RewriteCond %{REQUEST_URI} (/[^.]*|\.)$ [NC]
RewriteRule .* index.php [L]
Of course, I place all my not directly accessible files (everything except index and css, js, images, etc.) in a folder outside the public_html to ensure no user can ever access them directly ;)
I've had a similar (yet much much smaller) site that went through the same thing.
I have this in my .htaccess:
RewriteEngine On
RewriteRule ^(.*)\.html$ $1.php [L]
This will help redirect any visitors to your .html addresses to your .php addresses.
You hopefully have an IDE (I recommend Aptana), and you can use some of the find/change functions project-wide, and hopefully with some time and patience get your internal links from .html to .php.
But, I caution you a little bit - Perhaps it is time to look into a database based CMS, such as Wordpress or Drupal?
I would like to know how one is able to append a username directly to a site URL without having to put it within a query?
Eg
www.myspace.com/micheal
instead of
www.myspace.com?name=micheal
Without having to create a new folder for the user so that when the url is typed including the name, the surfer is taken directly to the user's profile.
Thanx
If you're using Apache, which, using PHP, you most likely are, look into mod_rewrite. This lets you do things like this, where www.myspace.com/micheal would be translated internally to www.myspace.com/?name=micheal before being sent to the scripts.
Take a look here http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html for the documentation on how to use it.
For the Apache web server, an .htaccess file with the following code will do the thing.
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?name=$1 [QSA,L]
This is called url rewriting, and is handled by mod_rewrite on Apache servers.
A rewrite rule takes the incoming uri, parses it and rebuilds it into what the script needs to run.
A very simple example:
RewriteRule ^michael$ /?name=michael
There's lots on Google when you know where to look. Start here:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
As everyone has pointed out you want URL Rewriting.
If you are using IIS rather than Apache, there are still a couple of options.
Free Option - Ionics Isapi rewrite filter
Commercial Option - Isapi_Rewrite
I think you might be referring to "Pretty URLs", which are generally set up at the web server level using something like Apache mod_rewrite:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
http://www.roscripts.com/Pretty_URLs_-_a_guide_to_URL_rewriting-168.html
I have two different domains that both point to my homepage in the same server.
I want to log every single access made to my homepage and log which domain the user used to access my homepage, how can I do this?
I tried mod_rewrite in Apache and logging to a MySQL database with PHP but all I could do was infinite loops.
Any ideas?
EDIT:
By your answers, I see you didn't get what I want...
As far as I know Google Analytics does not allow me to differentiate the domain being used if they both point to the same site and it also does not allow me to see that some files like images were accessed directly instead of through my webpages.
I also can't just use $_SERVER['HTTP_HOST'] because, like I just said, I want to log EVERYTHING, like images and all other files, every single request, even if it doesn't exist.
As for Webalizer, I never saw it differentiate between domains; it always assumes the default domain configured in the account and uses that as root, it doesn't even display it. I'll have to check it again, but I'm not sure it will do what I want...
INFINITE LOOP:
The approach I tried involved rewriting the URLs in Apache with a simple rewrite rule pointing to a PHP script; the PHP script would log the entry into a MySQL database and then send the user back to the file with the header() function. Something like this:
.htaccess:
RewriteCond %{HTTP_HOST} ^(www\.)?domain1\.net [NC]
RewriteRule ^(.*)$ http://www.domain1.net/logscript?a=$1 [NC,L]
RewriteCond %{HTTP_HOST} ^(www\.)?domain2\.net [NC]
RewriteRule ^(.*)$ http://www.domain2.net/logscript?a=$1 [NC,L]
PHP Script:
$url = $_GET['a'];
$domain = $_SERVER['HTTP_HOST'];
// Code to log the entry into the MySQL database
header("Location: http://$domain/$url");
exit();
So, I access some file, point that file to the PHP script and the script will log and redirect to that file... However, when PHP redirects to that file, the htaccess rules will pick it up and redirect again to the PHP script, creating an infinite loop.
The best thing to do would be to parse the server logs. Those will show the domain and request. Even most shared hosting accounts provide access to the logs.
If you're going to go the rewrite route, you could use RewriteCond to check the HTTP_REFERER value to see if the referer was a local link or not.
RewriteCond %{HTTP_HOST} ^(www\.)?domain1\.net [NC]
RewriteCond %{HTTP_REFERER} !^(.*)domain1(.*)$ [NC]
RewriteRule ^(.*)$ http://www.domain1.net/logscript?a=$1 [NC,L]
RewriteCond %{HTTP_HOST} ^(.*)domain2\.net [NC]
RewriteCond %{HTTP_REFERER} !^(.*)domain2(.*)$ [NC]
RewriteRule ^(.*)$ http://www.domain2.net/logscript?a=$1 [NC,L]
You may also want to post in the mod_rewrite forum. They have a whole section about handling domains.
If Google Analytics is not your thing,
$_SERVER['HTTP_HOST']
holds the domain that is used, you can log that (along with time, browser, filepath etc). No need for mod_rewrite I think. Check print_r($_SERVER) to see other things that might be interesting to log.
Make sure to still escape (mysql_real_escape_string()) all the log values, it's trivially easy to inject SQL via the browser's user-agent string for example.
So, I access some file, point that file to the PHP script and the script will log and redirect to that file... However, when PHP redirects to that file, the htaccess rules will pick it up and redirect again to the PHP script, creating an infinite loop.
Can you check for HTTP headers in the RewriteCond? If so, try setting an extra header alongside the redirect in PHP (by convention custom HTTP headers start with 'X-' so it could be header('X-stayhere: 1');), and if the X-stayhere header is present, the RewriteCond fails and it doesn't forward the browser to the PHP script.
If, however, you can cron a script to download the server logs and run them through some freeware logfile analyzer, I'd go with that instead. Having two redirects for every request is a fair bit of overhead. (And if I was more awake I might be able to come up with different solutions.)
Does Google Analytics not provide this option? Or could you not parse your server log files?
Why not use the access log facility built into Apache?
Apache has a "piped log" function that allows you to redirect the access log to any program.
CustomLog "|/path/to/your/logger" common
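An added example, not from the original answers, of a program that could sit behind the piped CustomLog line above and record which domain each request used. It also covers the earlier advice about escaping logged values: mysql_real_escape_string() was removed in PHP 7, so the values are bound as PDO prepared-statement parameters instead. The LogFormat, the format name hostlog, the SQLite file path and the table layout are assumptions.

```php
<?php
// logger.php: added example of a piped-log consumer, not from the original answers.
// Assumed Apache configuration (format name, paths and table are placeholders):
//   LogFormat "%{Host}i\t%h\t%>s\t%r\t%{User-Agent}i" hostlog
//   CustomLog "|/usr/bin/php /path/to/your/logger.php" hostlog

function open_log_db(string $dsn): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS access_log
        (host TEXT, client TEXT, status INTEGER, request TEXT, agent TEXT)');
    return $db;
}

// Split one tab-separated log line and insert it; returns false for malformed lines.
function store_line(PDOStatement $insert, string $line): bool
{
    $fields = explode("\t", rtrim($line, "\r\n"));
    if (count($fields) !== 5) {
        return false;
    }
    // Bound parameters are sent as data, so quotes in a header cannot alter the SQL.
    return $insert->execute($fields);
}

$demo = in_array('--demo', $argv ?? [], true);
$db = open_log_db($demo ? 'sqlite::memory:' : 'sqlite:/path/to/your/access_log.sqlite');
$insert = $db->prepare('INSERT INTO access_log (host, client, status, request, agent)
    VALUES (?, ?, ?, ?, ?)');
if ($demo) {
    // Constructed sample lines; the last User-Agent carries an injection attempt.
    $lines = [
        "www.domain1.net\t203.0.113.5\t200\tGET /index.php HTTP/1.1\tMozilla/5.0",
        "domain2.net\t203.0.113.9\t404\tGET /img/missing.png HTTP/1.1\tMozilla/5.0",
        "www.domain2.net\t198.51.100.7\t200\tGET / HTTP/1.1\tx'); DROP TABLE access_log;--",
    ];
    foreach ($lines as $line) {
        store_line($insert, $line);
    }
    foreach ($db->query('SELECT host, COUNT(*) AS hits FROM access_log GROUP BY host') as $row) {
        echo $row['host'], ' ', $row['hits'], "\n";
    }
} else {
    // Apache keeps the pipe open and writes one line per request.
    while (($line = fgets(STDIN)) !== false) {
        store_line($insert, $line);
    }
}
```

Run `php logger.php --demo` to load the constructed lines into an in-memory database and print hits per host.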