How deny direct access for uploaded js files in htaccess? - .htaccess

I used File Manager and uploaded some txt and js files which is not part of site.
I denied access to site from refers except one.
Files can be read using browser.
I created folder and put these txt and js files,added htaccess and wrote next code
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://allowed refer site/ [NC]
RewriteRule .*\.(js|css)$ - [F]
However txt and js can be opened using browser.
<FilesMatch ~ "\.(txt|js)$">
Order allow,deny
Deny from all
</FilesMatch>
This code didn't effect,files are still can be read.
All files have chmod 600.How close access to these files to all refers except one?

Related

.htaccess in subdirectory to deny everything in subdirectory except index.php

Here's what the web hosted directory looks like:
public_html
subdirectory
index.php
other stuff
.htaccess
Is there a way to make the .htaccess file deny everything relative to its location (i.e. everything in the subdirectory) except for the index.php file in that directory, without affecting anything located in its parent directory?
I've tried the following, but it's denying me access to /subdirectory/ as well. If I do /subdirectory/index.php it seems to work.
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files ./index.php>
Order Allow,Deny
Allow from all
</Files>
The most ideal is if the solution is agnostic of the directory structure it's in -- that is in the future I could move everything to the parent directory, and it'd still work.
Try this in the mentioned .htaccess location :
RewriteEngine On
RewriteRule !^(index|$) - [F]
That will only allow request to index at this directory and will not affect parent directory.

YIi2 upload folder move to project root directory

how to keep Files upload folder in root directory of project.
which change need in htaccess?
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^admin(.+)?$ backend/web/$1 [L,PT]
RewriteRule ^(.*)$ frontend/web/$1 [L]
</IfModule>
# Deny accessing below extensions
<Files ~ "(.json|.lock|.git)">
Order allow,deny
Deny from all
</Files>
# Deny accessing dot files
RewriteRule (^\.|/\.) - [F]
currently my image files are store in
project/backend/web/uploads/
i want to upload dynamic files in
root folder of project ie project/uploadImage
the project root directory in advanced template is two level upper the home directory for you application .
then If you have proper right for this and need an access to this level you could create an alias eg:
Yii::setAlias('#my_project_home', realpath(dirname(__FILE__).'/../../'));
or if you want store in upload subdir of project directory
Yii::setAlias('#my_project_upload', realpath(dirname(__FILE__).'/../../upload'));
you can retrive the alias using :
Yii::getAlias('#my_project_upload'); // displays: your_project/upload
see more for alias here http://www.yiiframework.com/doc-2.0/guide-concept-aliases.html

Deny access to all jpg urls that have a certain name in the url

I have jpg urls like these:
http://domain.com/members/content/upload/temp/1600watermarked/photo.jpg
http://domain.com/members/content/upload/test-123/1200watermarked/photo.jpg
http://domain.com/members/content/upload/random/1800watermarked/photo.jpg
In the folder content I have an htaccess file with this in there:
<FilesMatch /watermarked/.*>
Order Allow,Deny
Deny from all
</FilesMatch>
But that doesn't seem to work in blocking any jpg urls with the word "watermarked" in them. Any suggestions?
Well after some more experimenting I got this:
RewriteCond %{REQUEST_URI} ^(.*)watermarked(.*)$
RewriteRule ^(.*)$ http://domain.com/forbidden.htm [R=301,L]
It's not exactly a forbidden error but it works better in my case since I can redirect them to a page to upgrade their accounts to see the blocked content.

Stop access to directory with .htaccess

I am trying to stop access to two certain folders with this .htaccess code:
RewriteEngine On
RewriteRule ^(nigel/|multicraft/) - [F,L,NC]
I get a 500 Internal Server Error when I open the website in a browser.
Put .htaccess in the directories with this content:
Order Deny, Allow
Deny From All

htaccess rules to block all but server

looking for some htaccess rewrite rules to block all access to a directory except for the server itself. It's a directory full of images and flash swf files. Yes I know it's sort of odd to not want direct access to a file its own directory, but to allow it to be seen by the user when referenced in other html outside the protected directory, but thats what i'm after. I have tried a few different methods as shown below:
# send them to index.php
Options +FollowSymlinks
RewriteEngine on
#RewriteRule ^(.*)$ ../User/ [NC]
#RewriteRule ^(.*)$ [R=301,L,NC]
# no one gets in here!
#deny from all
Options All -Indexes
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 192.168.0.0/33
</Limit>
None of them seem to really do what I want. some of them block access to everything, including the server itself. Other redirect the request to another page, but because it keeps the same url, the links on the 'page' the user gets redirected to wont work.
If possible I would not even like to do a 404 warning, because while this disallows users access to the directory, the user will still know that that directory exists.
You can simply use this one line rule to do that:
RewriteRule ^mydir/ - [L,R=404,NC]
That way all the files under /mydir/ will generate 404 errors to your visitors but your server will still have access to those files.

Resources