Is there a setting for apache or .htaccess to not open images in browser, but instead force the user to download them to their computer to open e.g. when he navigates to http://site.com/image.jpg this will make him download the file. The only time I want images loaded in the browser is when they're embedded in a HTML page. e.g. http://site.com/mypage.html
If it is not possible then can we at least just block it completely if they go to http://site.com/image.jpg, they will get error 403 or something for any file other than html and php?
There would be a bit of a performance overhead, but you could make a page (php or whatever language) that all it does it pull up images from a directory that otherwise isn't web accessable. You could then make all image links go to that page and make them still look like image urls using rewrites.
Page: /images/25.jpg => /images.php?id=25&type=jpg or something similar
Note sure exactly what you are trying but might want to read this:
http://michael.theirwinfamily.net/articles/csshtml/protecting-images-using-php-and-htaccess
Related
With Ruby on Rails I can run rails s -p 3000 and preview my site at localhost:3000.
With React I can run npm start and view the site at localhost:8080.
What if I just have html and CSS files, how do I preview that?
On OSX, you can run a simple web server from any directory using this command:
python -m SimpleHTTPServer 8000
Then, you can hit the directory in your browser by going to http://localhost:8000/path/to/file.html
You can try click 2 times in index.html to open the file in browser.
Every time you update the code in sublime text, you need to reload the browser and the updates will be aplied.
This usually depends on your device/OS and what your eventual goals are, but usually you can either use (online) software that renders the HTML and the CSS for you (such as Brackets.io, etc.) whilst you are typing it (to live preview any modifications/additions), or you can put the documents live using a local webserver such as Xampp or OSXs built in simple web server, and check their respective localhost locations every time you save changes using your code editor.
You could also simply use online applications like Codepen, which can also render HTML and CSS, and even JavaScript. Codepen just today launched Codepen Projects which allows you to create entire website projects at their website. It is however, a pro (paid) feature.
Here's a short overview of code playgrounds that offer the functionality you requested (by no means an exhaustive list):
JSFiddle
CSSDeck
CodePen
JSBin
And ofcourse you can insert Snippets here on StackOverflow, which is also able to render HTML and CSS (and JS).
If you really only use HTML and CSS, previewing in a browser is also possible, opening the .html file by double clicking and opening in Internet Explorer, Chrome, etc.
I installed an SSL Certificate which required me to switch all HTTP Links over to HTTPs links. I did this by downloading all site files (including the database) and did a find/replace, thus replacing all http:// with https:// then I uploaded the new site files (and .sql file) to the server. And everything appeared to be working. Except that .png images wont load in any browser.
I can't even pull up the image by typing in the direct link in the address bar (with or without the https). Previously the images worked fine, they now just show the red X.
Any ideas on what's going on and how can I fix it?
The site is built with Joomla 2.5. You can see it here: https://www.detourjournal.com/ (Note the two .png images in the footer that are not loading)
It's not your Joomla! setup, for starters it doesn't appear to be Joomla! redirecting calls to SSL in normal pages and it doesn't affect direct file URL for images this way.
You appear to have configured your server to force https (possibly via .htaccess).
It's also not specific to PNG files as your logo, /images/stories/logo2.png is being served without a problem. The same goes for the PNG's in VirtueMart e.g. the close label.
Looking at the header for those images the sizes don't match what is being returned... so it's most likely corrupt images cause Apache to bork.
I'm curious about a WAMP + Joomla feature...
On my project folder and within /www/, I have several Joomla folders that are accessible (features inside are usable) but when directly opened from the Web browser show no contents (but no error message is shown)... This is a behaviour I would like to make other folders have but I don't seem to be able to get it!
Let me explain a but further, folder called "CLI" if opened in web browser as:
.../components
returns a blank screen... But some of my modules are using content within, so folder is not restricted but contents are not visible through Web brower.
Now I have another folder:
.../clients
Which I would need to behave the same way as many modules of my site need this, but I can't afford to leave it "open" for users (if someone enters ".../clients" on their web browser, I need the output to be blank, same as the .../components folder above). Currently, if someone enters .../clients on a web browser, they can see all files within, this is a CRITICAL security bug for me.
I've succeeded to disable them by doing DENY FROM ALL in httpd.conf. However, this is not valid as it absolutely restricts everything within the folder, causing my modules to crash.
Hope you get the point, if not, happy to clarify :)
MANY MANY THANKS for your support!!!
PS - If possible, answer in a dummy way as I'm new to all of this Apache stuff.
The way Joomla returns a blank screen is by adding a blank index.html file in. Browsers prioritise a index.html file to display over the index.php file etc. So literally put in a index.html file in the subfolder containing:
<html>
<body bgcolor="#FFFFFF">
</body>
</html>
I have a PHP application running on a Micrisoft IIS 7 server. The application shows PDF files on an iFrame, which contains user's sensitive data that I wouldn't like to be directly accessed by anyone that knows the file address.
So basically, I'm looking for a way to protect files from direct browser access or download, but still be able to show it on the application's iFrame.
I made some research with Rewrite rules, but since the "HTTP_REFERER" of an iFrame is empty, I couldn't find a good solution
Any suggestions for this?
Thanks in advance
Without seeing any of your code, or how your application works, I can only give suggestions based on how I think your app works.
Rather than showing the files themselves, with links directly to those files, you should consider changing your application so that the PHP reads in the directory, displays the file names (however you want them to appear), with links that go to a download.php page. The download page (after checking whether the user has permission to download the file) then loads the file into memory and serves it out as a response (with appropriate Content-Disposition and Content-Type headers).
Since your PHP application can read files directly within the web directory, you can set up rewrite rules to prevent accessing those files from the web; that way, the files can only be accessed by the PHP application, which doesn't rely on rewrite rules to access the drive.
This is how places like Source Forge can display an advertisement with a countdown that your file download will begin in 5 seconds.
I'm wokring on a small website that I wouldlike to use Less CSS with, but I am having trouble getting the .less file to become available. If I go to the path on the server that the .less file is at through ftp, the file is there in the browser and I can read it. However, tag in the html is bringing me to a 404 page. If I manually type in the location through http it does not work. Why might this be happening?
Requests for static files return 404 error (IIS 6.0)
Im not sure if i understood you correct, but: LESS is not a replacement for CSS. You must generate a CSS-file from your LESS-file to be able to serve it to the browser.
The reason why you cant view it in your browser is because the web server har no MIME-type for LESS-files, and it shouldnt have.
You can however view it through FTP cause its a "normal" text document.
Edit: You can also process the .less-file with javascript, but thats not recommended for production use...