I have 2 domains hosted on the same account but I want to restrict the second one to not access files.
I have abc123.com and zyx987.com.
In my php I do everything I need to display the domain name and template based on the domain but I want only the /download files to be accessed from abc123.com.
The download folder has files like: file1.pdf or file2.zip.
I tried the 'deny from all' but this didnt work since the other domain is blocked too.
Is there another way?
Here's what you have to do. Put this in your .htaccess
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^(www.)?zyx987.com$
RewriteRule ^download - [F]
This will block any request like:
/download/
/download/file1.jpg
/download/another/file.zip
and give a permission denied.
Related
I am using .htaccess to prevent user to access images through url.
Thanks to this question, I could prevent users to access .js files.
RewriteEngine ON
RewriteRule ^frontend/assets/(?:js) - [R=401,NC,L]
However, when I applied the same rules in order to denied access to dir1 and dir2, the access is only denied to images in directory dir1.
RewriteRule ^frontend/assets/images/(?:dir1|dir2) - [R=401,NC,L]
Is there a way to handle this and prevent users to access files in directory dir2 as well ?
Please try following htaccess rules file. Apart from fixing regex we need to be careful on where we need to place the rule. So place this rule before your previously used rule(s).
Please make sure to clear your browser cache before testing your URLs.
##Enabling RewriteEngine here...
RewriteEngine On
##Rewrite rule for images with checking users OR uploads here...
RewriteRule ^free/frontend/assets/images/(?:users|uploads) - [R=401,NC,L]
##Rewrite rule for images OR css OR js folders here....
RewriteRule ^frontend/assets/(?:images|css|js) - [R=401,NC,L]
I want to use .htaccess to rewrite to a folder based on the visitors IP-address. I have a list of IP-addresses with associated usernames (in a text file). The usernames are also the folder names.
192.168.0.2 - John
192.168.0.3 - Ben
Example: when John (IP ..0.2) goes to www.domain.com, he must see the the content of folder /John
Because the username-IP binding will be made in PHP, I prefer to use RewriteMap so I can generate a .txt file.
Unfortunately, I have to idea where to start. Rewriting based on the users IP is not the problem, the problem is finding the linked username.
Any help appreciated!
There are several ways of doing this, but I wonder why as there are a number of existing modules that provide user directory and authentication already, anyway you could:
# Call an external program each time
RewriteMap userDir "prg:/srv/www/cgi-bin/ipToUserDirectoryMapper.php"
RewriteCond %{REQUEST_URI} !somePatternCommonToAllAlreadyRewrittenRequests
RewriteRule .* /${userDir:%{REMOTE_ADDR}}%{REQUEST_URI} [L,R]
where: ipToUserDirectoryMapper.php takes an IP address as an argument and returns a directory, with a default for unknown IP's.
alternitively, is the mapping is in a txt file:
# Use a static remap file
RewriteMap userDirMap "txt:/srv/www/ipToDirectoryMap.txt"
RewriteCond %{REQUEST_URI} !somePatternCommonToAllAlreadyRewrittenRequests
RewriteRule ^(.*) /${userDirMap:%{REMOTE_ADDR}|someDefaultUser}%{REQUEST_URI} [L,R]
Note: your directory names will need a common element, or you'll need to set a CGI parameter or environment variable for the user directories ( SetEnvIf Request_URI "^/John" alreadyRewritten), to prevent a redirection loop eg. call your directories UserJohn, UserBen and instead of somePatternCommonToAllAlreadyRewrittenRequests have:
**!^/User[a-zA-Z0-9-_]+**
i want to deny the user to acces the subfolder by its real name :
the real name is "folder1"
i want it to be accessed by an other name "test"
i already done that using this :
RewriteRule ^(test/)(.*)$ /folder1/$2 [L]
it works fine but it still can be accessed by its real name (site.com/folder1)
i already added this after the previous line :
RewriteRule ^(.*)(\/)(.*)$ error.php [L]
wich redirect any the user if he uses anything instead of the "test" but it also let him access it if he uses "folder1".
please some help.
Just turn off indexing on your site.
Add this to the top of you .htaccess file.
Options -Indexes
ErrorDocument 403 /
I have a domain like example.com where root directory is web.
I have created a subdomain happy.example.com where directory is outside web folder called happy and connected it to happy.example.com.
My webpage tree looks like
happy
web/images
So all my images for root directory are stored in (web/images)
example.com/images
So a full path to an image can be
example.com/images/me.png
Now i have created a sudbdomain which i call:
happy.example.com
What i would like to do is if i type
happy.example.com/images/me.png
then i should be able to see the picture.
So somehow i need to link all images folder to a subdomain from root directory in web.
I hope you guys got my question.
I guess i shoud have an htaccess file with all funny stuff in happy folder?
Cheerz
Since the two document roots of your two domains aren't connect to each other (one inside the other, or the same), you'll need to either redirect or proxy, or, use a script.
To redirect is easiest, but it'll change the URL in the browser's location bar:
Redirect 301 /images http://example.com/images
or using mod_rewrite:
RewriteEngine On
RewriteRule ^images/(.*)$ http://example.com/images/$1 [L,R=301]
To proxy, you need to have mod_proxy loaded, which isn't always the case if you're using a webhost or hosting service. But you can use the P flag in mod_rewrite to do this:
RewriteEngine On
RewriteRule ^images/(.*)$ http://example.com/images/$1 [L,P]
The last option is to route all image request to a script, like a php script or something. And the script itself returns the image:
RewriteEngine On
RewriteRule ^images/(.*)$ /load_image.php?image=$1 [L]
then you'd have something like:
<?php
header("Content-type: image/jpeg");
readfile('../web/images/' . $_GET['image']);
?>
Obviously, you'd need to check the extension and return the correct content type depending on the image type.
I have a directory with a bunch of files in it & I don't want anybody to be able to access these files by either getting a directory listing or by guessing the file location & typing it in.... it should NOT allow them to download it.
I accomplished this by putting the below in my .htaccess file:
Options -Indexes
Order Allow,Deny
Deny from all
However, I want the user to be able to download the file ONLY IF they access it via a script (which is in a different directory) which will give them the download. At the moment with the above settings it doesn't work.
I thought of putting something like..
Allow from domain.com
But I'm not 100% sure what that means? Does that check where the REQUEST is coming from & hence it would work if the server requests access to that dir? ...or would it still not work as the user is still using the domain via the other script to access the dir?
If you dump the files with an "script" you can store your files outside the documentroot. So you need no htacces file.
Perhaps this is a better workaround.
One way is to redirect the user say to your home page when they try to access your downloadable files inside the folder sec_files in this example.
I researched on this when one of my clients who purchased secure download links a codecanyon product asked for a solution to protect a folder that contained images or downloadable.
the .htaccess code is below. this .htaccess file is placed inside the sec_files i.e downloadable files folder.
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/~sec_files/ [OR]
RewriteCond %{HTTP_HOST} ^www.satyamtechnologies.net$
RewriteRule ^(.*)$ http://www.satyamtechnologies.net [R,L]
See how it works when you access here, it will redirect you to home page but when you access it through a php script here it will let you download the same files.