How to prevent unauthorized access to a file with htaccess - .htaccess

How can I:
ALLOW access to a file from the website
AND
DENY access to the file from everything external to the website
using HTACCESS?
For example, the website is stored in a webspace associated with the domain: xxx.xx.
Inside a webpage I have a link such as:
LINK
And:
Clicking on LINK then starts the video correctly
BUT
Typing the URL directly (for example): http://www.xxx.xx/video/example.mp4 needs to return error 403 (access denied), thereby blocking playing and/or downloading of the file: example.mp4
Thanks for help.

Since it is not easy to write a rule in comments, I am providing a rule which blocks access to an mp4 file based on the HTTP_REFERER header value:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?xxx\.xx/ [NC]
RewriteRule ^video/example\.mp4$ - [F,NC]
However, keep in mind that clients can spoof the HTTP_REFERER header.

Related

Is there any way to open another file when accessing an image via htaccess?

I would like when accessing the url https://www.italinea.com.br/uploads/jx5rufam7adfwd75pi6c.jpg, which is an existing file on the server, open the php file https://www.italinea.com.br/image.php.
Which htaccess rule do I use?
I tried to use:
RewriteRule ^(.+)\.jpg image.php [L,QSA]
But as it is an existing file, it opens the image and not the .php file
RewriteRule ^(.+)\.jpg image.php [L,QSA]
This is the right idea and should "work", although it could be simplified a bit. And it is rather generic, so matches every .jpg request.
If this is not working then either:
You have a conflict with other directives in the .htaccess file (the order of directives can be important).
You have a front-end proxy that is serving your static content. This is a problem if the URL being requested maps to a physical file as the application server (ie. .htaccess) is then completely bypassed.
If this is the case then see my answer to the following related question:
WordPress: can't achieve direct image access redirection via .htaccess

File restriction to specific page

I'm trying to make a file only accessible when you're on a specific page.
Like download.php, the user can click a link to the file and the download starts without problems.
But if you go to the link in the browser directly it should not work.
Could I use .htaccess for this? or how would I do this?
This is possible with .htaccess by checking for the ${HTTP_REFERER}, which is the previous url you were on.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/download.php
RewriteRule myFile.zip - [R=403,L]
This checks if the previous page was download.php, otherwise it rewrites the request for myFile.zip to a 403 error page.
Note that it is possible to forge a referer by intercepting / creating your own request. This does not provide 100% security.

How to disable files to load from an external URL?

I have a website that has some files that are accessed publicly. Anyone can download them.
I have discovered lately that a website has added links to these files. In this way they claim ownership of them, and they consume my bandwidth since they fetch them from my server.
How can I block other websites from referring to my website's files?
I don't care if these files are not crawled by Google, since I now refer to them using rel="nofollow".
Can anyone suggest a solution?
What you are looking for is preventing deep linking of content on your website. Try the following in the Apache httpd.conf file; it will create a failed request when hotlinking of the specified file types occurs.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css|<whatever extensions you want to block>)$ - [F]
If the content you want to block is generated dynamically using some programming language, you can check if the referrer header matches your domain and then continue the processing of the request.
JAVA
"http://www.example.com".equals(request.getHeader("referer"));
PHP
$_SERVER['HTTP_REFERER']=="http://www.example.com"

Use htaccess to only allow one page to access video

I have a folder on my site which contains several mp4 files. I have a php page on my site which is used to play those mp4 videos. I am new to htaccess and what I need is an htaccess that allows my videowindow.php to access the mp4 files but prevent access to those files if not from videowindow.php
Basically unless the video is being accessed by videowindow.php the video can not be accessed. I tried several examples I found here and there but none of them seem to work. Most of them deny access to the video files completely so they can't even be accessed by my own videowindow.php file.
Any help on this is appreciated.
You can do this by checking the HTTP "Referer" request field, but this in no way guarantees any access restrictions. The referer field can be easily forged.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-domain\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} !videowindow\.php$
RewriteRule \.mp4$ - [L,F]
This will make it so if a referer doesn't start with your domain and doesn't end with videowindow.php, then any access to mp4's will result in a 403 forbidden response.
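The three Referer-based rule sets quoted in the answers above treat an empty or slightly different Referer differently. The following Python model is an added example, not code from any of the answers; it approximates mod_rewrite's condition chaining (negated conditions, `[OR]` groups ANDed together) and runs constructed requests through each rule set. The hotlink rule's extension list is limited to the four extensions named on the page, and the sample paths and Referer values are made up.

```python
import re

# Models of three rule sets quoted on this page. Every RewriteCond there is
# negated (!pattern). Condition tuple: (pattern, regex flags, has [OR] flag).
RULES = {
    "single_file": (r"^video/example\.mp4$", re.I,
                    [(r"^https?://(www\.)?xxx\.xx/", re.I, False)]),
    "hotlink": (r"\.(gif|jpg|js|css)$", 0,
                [(r"^$", 0, False),
                 (r"^http://(www\.)?example.com/.*$", re.I, False)]),
    "one_page": (r"\.mp4$", 0,
                 [(r"^http://your-domain\.com/", re.I, True),
                  (r"videowindow\.php$", 0, False)]),
}

def forbidden(rule, path, referer):
    """Return True when the modelled rule would answer 403 for this request."""
    path_pat, path_flags, conds = RULES[rule]
    if not re.search(path_pat, path, path_flags):
        return False  # RewriteRule pattern does not match, rule is skipped
    result, group = True, False
    for pat, flags, or_next in conds:
        # A negated condition is true when the Referer does NOT match.
        group = group or re.search(pat, referer, flags) is None
        if not or_next:  # end of an [OR] group; groups are ANDed together
            result, group = result and group, False
    return result

# Constructed sample requests: (rule, path, Referer header as received).
SAMPLES = [
    ("single_file", "video/example.mp4", ""),
    ("single_file", "video/example.mp4", "http://www.xxx.xx/page.html"),
    ("hotlink", "img/logo.jpg", ""),
    ("hotlink", "img/logo.jpg", "http://other.example/gallery.html"),
    ("one_page", "videos/a.mp4", "http://your-domain.com/videowindow.php"),
    ("one_page", "videos/a.mp4", "http://your-domain.com/videowindow.php?id=3"),
    ("one_page", "videos/a.mp4", "http://your-domain.com/index.php"),
]

def decision_table():
    """Evaluate every sample and return (rule, referer, blocked) tuples."""
    return [(r, ref, forbidden(r, p, ref)) for r, p, ref in SAMPLES]

if __name__ == "__main__":
    for rule, referer, blocked in decision_table():
        print(f"{rule:12} {referer or '(empty)':45} {'403' if blocked else 'served'}")
```

The value tested is whatever the client sends, so a "served" row only shows that the header matched; a browser that omits the Referer (for example under a `no-referrer` policy) is refused by the first and third rule sets but served by the hotlink one.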

htaccess selective redirect

I am trying to redirect all sub-directory pages to the main directory, except for a few pages (e.g. somepage1.html).
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(de|ru)/somepage1.html
RewriteRule ^([a-z]{2}|zh-CN|zh-TW)/(.*)$ /$2 [R=301,L]
Everything is working, except that de/somepage1.html is redirected to the home page (/), which is not acceptable. I want it not to be redirected at all.
How can I achieve this?
Thanks!
Well, the above rules are clearly excluding the de/somepage1.html URL, so it is most likely some other rule that is redirecting de/somepage1.html to /. Are you using WordPress or some other CMS tool by any chance? That might have its own rules in the .htaccess file; please check that.
Also it would help to check web server's access log when this redirection happens.
The code I provided is working perfectly, so anybody looking for this kind of solution can use it without a doubt.
The reason it was not working is that my website was keeping a cache and therefore was not refreshed frequently.
