I wanna set up an download page.
I need to access those pages only through a login page and stop all the direct access to the download page path and also its files and again if anyone tries to access those pages directly then it should automatically redirect to login page itself or else at least with a 404 error.
How can I do all these in .htaccess file. It will be very much helpful in developing my website.
Thanks in advance
Assuming that your all of your downloads are inside of a downloads directory, something like this should do the trick.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?your.site.*
RewriteRule ^downloads\/?.* http://your.site/login [R=302,L]
Alternatively (and ideally) you should instead keep the pages outside of the site's root directory and download them through a proxy page.
Related
I am using JWplayer on my website to play .mp4 files, when i check my site code the JWplayer code is like this.
<div class='jwplayer' id='jwplayer-0'></div><script type='text/rocketscript'>if(typeof(jQuery)=="function"){(function($){$.fn.fitVids=function(){}})(jQuery)};jwplayer('jwplayer-0').setup({"aspectratio":"8:5","width":"100%","primary":"html5","file":"http://mysite.se/wp-content/uploads/2014/09/sack.mp4"});
</script>
Now, how can i prevent someone from hotlinking that .mp4 files on a forum or another side or embed it on another player somewhere else if it's possible? i want the file only to be accessed by my own site if possible? i dont care if they download the file aslong as they dont hotlink it from my server.
You'd probably have to rely on checking the HTTP Referer field of the incoming request. The referer, however, can be easily forged to get around this limitation, but as it is, this is probably the easiest solution.
Try adding this to the htaccess file in your document root:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
RewriteRule \.mp4$ - [L,F,NC]
Where "example.com" is your domain.
due to internal politics with a project I need to redirect only the homepage of a site built in drupal to a different url. I want to be able to access the rest of the site to show people but just that when it goes to the homepage it redirects you.
I want to create a copy of the homepage and then have the original homepage automatically redirect to the new url....meta refresh wouldnt work because there is lag time...
Anyone know how to do this with .htaccess ?
Thanks
Add new comment
You can try adding this rule as first rule:
RewriteRule ^$ /new-home-page [L,R]
here is the situation and I need a little help with it:
I have a domain xxxxx.com and a sub-domain upload.xxxxx.com both lead to directory /www/xxxxx.com/, but I am using the 2nd domain for file uploading since I am using Cloudflare's services and with the 2nd domain there are no performance optimization and troubles with the upload (I've created cookies that are valid for both domains).
But my point is because I am using only 1 file for that 2nd domain and it upload.xxxxx.com/upload.php the same file exist under xxxxx.com/upload.php - I am not really good in .htaccess, so how can I make the only page that could be opened from this subdomain to be upload.php and all other to redirect to the main domain ?
You can use this rule as first rule in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^upload\. [NC]
RewriteRule ^upload\.php$ /? [NC,L,R]
What I did in the end I think it's good for the users who are interested to know:
I added a cross domain support for the cookies and added additional domain, upload.*
I left the upload.* domain only on redirect rules via Cloudflare (no optimization)
Redirected the uploading form to the upload.xxxxx.com/upload.php
Made the cookie cross domain based on login so when you login on the main site you're logged in on the upload.* one too.
When you submit the form it uploads really fast via upload.* and redirects back to the preview page on the original domain.
It handles the errors via cookies from the upload.* to the normal domain
Hope this helps :)
We have created a bunch of landing pages on a Joomla CMS system, such that the URL for each landing page is www.domain.com/page1.html and www.domain.com/page2.html, and so on. Of course the page1.html isn't really an HTML file it is a dynamic CMS page, just rewritten with htaccess.
The goal is to have one of our other domains, something like www.uniquedomain1.com show the content of www.domain.com/page1.html. Or, another domain like www.uniquedomain2.html show the content of www.domain.com/page2.html.
This needs to be search engine friendly so we can't use URL masking. Also we can't use HTACCESS redirects as this actually changes the URL in the browser bar. Need to keep the www.uniquedomain1.com URL in the browser bar.
Tried Apache VirtualHost options without any luck. You can park in a directory but not from a URL.
Ended up parking the domains on one folder, and then creating a PHP script to detect the domain host and then use CURL to query the correct url and deliver content. This whole thing seems ridiculously over complicated, and of course CURL isn't the best option, but it is all we could get to work.
Any thoughts on how to do this, or a better solution?
You can use HTACCESS redirect rules to do it without performing a redirect.
Change the html file names to be the domain name of the desired domain like domain.tld and do something like this in an .htaccess file
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?([a-z0-9\.-]+\.[a-z]+) [NC]
RewriteRule ^$ /%1.html [L]
A quick test of this worked for two of my test (sub)domains test.domain.tld and test2.domain.tld. Both properly redirected to files with the names test.domain.tld.html and test2.domain.tld.html without modifying the URL.
You could also just use your PHP wrapper script to grab the content of each of the miscellaneous html files and output them.
If you renamed all of your HTML files (as in my previous suggested answer) to be domain.tld.html you could do it fairly easily. Something might look like:
<?php
require($_SERVER['SERVER_NAME'] .'.html');
Is is possible to secure a directory on Apache with a custom form? I have a directory full of static HTML files, it is basically a full static site. I want to secure this site with a password.
I know I can use .htaccess but I would much rather have a custom form/database to secure the site. I know how to code in PHP well enough to create the form, database and do the authentication. What I don't know is how to tell Apache to redirect to that form if the user is not authenticated.
UPDATE: I would be fine using other authentication modules. I'm looking for a system similar to IIS Forms authentication. If the user is not logged in, visiting any file in the directory will redirect to a login form. Once logged in they can view any of the files in the directory.
Pseudocode follows:
if user authenticated:
read a file and output into browser (or return 404)
else:
show the form
end
The following .htaccess will rewrite every request to .html files into index.php:
RewriteEngine on
RewriteCond %{REQUEST_URI} \.html$
RewriteRule \.html$ /index.php [QSA,L]
You'll find the requested .html filename in $_SERVER['REDIRECT_URL'].
(Most of known PHP frameworks uses this or similar approach. There isn't anything fancy in this.)