I have a directory files that contains files that I don't want to allow to be accessed directly
If you go to www.mywebiste.com/files/myfile.pdf then you would be redirected.
However I want the files to be accessible from the rest of the site.
ie. I may have a page www.mywebiste.com/dave/page/ that needs to be able to display files from within the files dir.
I have tried the following htacccess in the files dir, but it's not working:
RewriteEngine ON
RewriteCond %{HTTP_REFERER} ^http://www.mywebiste.com/files/ [NC]
RewriteRule ^.*$ - [R=404,L]
If I could get this working, I assume that this would also prevent the files from being indexed by robots, as they too would be redirected?
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^files/.*$ - [F]
You may also use:
RewriteCond %{HTTP_REFERER} !^http://(www.)?mywebiste.com/.*$ [NC]
RewriteRule ^files/.*$ - [F]
Since the refer comes from the page it was called the page could be anything within your domain so I simple use ^http://(www.)?mywebiste.com/.*$ you may as well use ^http://(www.)?mywebiste.com if you feel more comfortable with.
If refer is empty and folder is files deny access to it.
PS: http://(www.)?mywebiste.com means either site address have www. or doesn't.
As for robots you could use user agent to allow access even when the refer is empty.
robots.txt example:
User-agent: *
Disallow: /files/
More information about robots.txt see here.
Related
Recently I have encounter a strange issue , my website www.xyz.com is being pointed by some one on the web domain let suppose www.abc.com.
Though the whole website is on www.xyz.com but the other domain display every single content and directory path structure by their domain...e.g. the real path is www.xyz.com/somepage/id/etc can be work by www.abc.com/somepage/id/etc with same directory paths....
This other website is just redirecting everything to my website and I want to stop this domain to use my directory structure. This www.abc.com is also being crawled by Google crawler and added its link in Google search engine.
This is a very new issue to me I have one solution to restrict every single request and check if its from my own website or not.
Second solution is to restrict them through htaccess but I don't find perfect solution using htaccess.
I saw on the web it stop all the referrer, but doing that I am afraid if it will stop users coming from other website to my website ...I just need to restrict other domains to use my whole website as theirs using redirection...i have taken this issue on go daddy and they said they also don't know why the other website is pointing to my ip address ... so clueless I need expert advice to secure my website from future issues like this ...kindly advice...
My htaccess is
Options +FollowSymLinks
IndexIgnore */*
RewriteEngine on
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
and i am using YII...
You can place this rule just below RewriteEngine On line:
RewriteEngine On
RewriteCond %{REMOTE_HOST} abc\.com$ [NC,OR]
RewriteCond %{HTTP_REFERER} abc\.com$ [NC,OR]
RewriteCond %{HTTP_HOST} !xyz\.(com|net)$ [NC]
RewriteRule ^ - [F]
In your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.xyz\.com$
RewriteCond %{HTTP_HOST} !^subdomain\.xyz\.com$
RewriteRule .* - [F]
I want to dissallow access to pdf files for unregistred users.
And I know the way to do it through .htaccess file
RewriteCond %{HTTP_REFERER} !^http://sub.mydomain.com/module
RewriteRule \.pdf$ - [L,F]
Only registred users can view http://sub.mydomain.com/module page
But I need such rule to fit any domain, something like this:
RewriteCond %{HTTP_REFERER} !^http://%{HTTP_HOST}/module
RewriteRule \.pdf$ - [L,F]
Is it possible?
Just remove host part and check for /module URI as referrer:
RewriteCond %{HTTP_REFERER} !/module
RewriteRule \.pdf$ - [L,F]
But keep in mind any check using %{HTTP_REFERER} is not very strong check as clients can spoof it.
Probably you are using a back-end language, for example PHP.
Disallow access for your folder, not your files.
Then you can write a script in your preffered language to serve the pdf file to the registered user.
I'm trying to manipulate the .htaccess file on my blogs server to allow certain content to be redirected while allowing others to be accessed.
What I would like to do, is allow any file with the extension of (gif|jpg|css|js|ico|png) to be accessed along with a directory /includes/ and a file sitemap.html while all other traffic I would like to send to the sitemap.html file.
Is this possible?
Here's the code that I'm trying to use but it doesn't appear to be working as ecpected. The redirect matched the file extensions and allows the sitemap.html file to be accessed but the /includes/ directory that I want to be allowed access to froma user perspective regardless of what files are in the actual directory still appears to be redirecting to the sitemap.html file.
RewriteEngine On
RewriteCond %{REQUEST_URI} !(\.(gif|jpg|css|js|ico|png)$|^/includes$|^/sitemap\.html$)
RewriteRule ^(.*)$ /sitemap.html [R=301,L]
Any help would be greatly appreciated.
Try this:
RewriteCond %{REQUEST_URI} !\.(gif|jpg|css|js|ico|png)$ [NC]
RewriteCond %{REQUEST_URI} !^/(sitemap\.html|includes(/.*|))$ [NC]
RewriteRule ^ /sitemap.html [R=301,L]
Sure both RewriteCond lines can be combined into 1 but I would suggest keeping it 2 separate as this is easier to read and easy to maintain in case you want to add new extensions or new directories for exclusion in future.
I have a download site where I blocked access to .zip files in order to force users to go through my download process (simply means u have to register before you download).
Now I am also making a java arcade and I want the applet to be able to download zip files from a specific directory on it and play them.
Right now I am using something like in my site's root .htaccess:
RewriteRule .*\.(zip)$ http://www.google.com [R,NC]
The question is how do I tell it not to include the folder "arcade" in it.
What do I modify in the above code or what do I put in the arcade/.htaccess file to make it possible to link to zips..
Thanks!
- Ben
You should use the RewriteCond directive. You need something like:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/arcade/
RewriteRule \.zip$ - [F]
I have also changed the way you block access to .zip files. It's better to return a 403 error code.
Try
#exclude the arcade folder
RewriteCond %{REQUEST_URI} !^/arcade [NC]
RewriteRule .*\.(zip)$ http://www.google.com [R,NC]
Instead of the redirect you could also give a 404 as below. Also simplified the match for the RewriteRule
RewriteCond %{REQUEST_URI} !^/arcade [NC]
RewriteRule \.zip$ - [R=404,NC]
I know the basics of .htaccess, but freely admit to being a non-expert when it comes to mod_rewrite.
The problem:
I have a sqlite db file in the document root (no, I can't move it out of here) called data.sqlite. This file is accessed internally by PHP files, however, I want to protect this file from being 'downloaded' by the user typing the db URL directly into their browser.
I have used .htaccess to create pretty URLs in the past, and thought using mod_rewrite would provide a nice solution to my problem. However, my rewrite rule does not seem to prevent access.
.htaccess
Options +FollowSymLinks
Options -multiviews
RewriteEngine On
RewriteBase /
RewriteCond %{http_host} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,NC]
##prevent access to any file data.sqlite by redirecing back to index.php
RewriteRule ^data.sqlite$ index.php [L,NC]
##my other rules follow - not shown here
Any ideas where I'm going wrong with the rewrite?? I'm sure it is something simple?
EDIT:
Ideally, I'd like to prevent direct URL access to all files ending in .sqlite, not just data.sqlite
Here's how you do it because I have also done it:
RewriteCond %{HTTP_REFERER} !^http://*.webwarecollection.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://*.webwarecollection.com$ [NC]
RewriteRule .*\.(sqlite)$ - [F,NC]
About "start with ." that is not true!. File must start on ".ht" to be blocked by default on appache.
httpd disables access to files that start with a . by default. Rename your file to .data.sqlite and it will be dealt with.