I have a site that plays music. The user can listen to a song only by navigating to a specific site on the server that retrieves the music file and presents it to the user through the audio html tag. In order to prevent the users from accessing directly the song's address I implemented a year ago the following htaccess script:
Header set Access-Control-Allow-Origin "http://myexamplesite.000webhostapp.com/"
ErrorDocument 403 /error404.php
ErrorDocument 404 /error404.php
Options -Indexes
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(myexamplesite\.)?000webhostapp [NC]
RewriteCond %{HTTP_REFERER} !^http://(myexamplesite\.)?000webhostapp.*$ [NC]
RewriteRule \.(mp3|png|jpg)$ - [F]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?(myexamplesite.000webhostapp.com)(/)?.*$ [NC]
RewriteRule .*.(.zip|.rar|.exe|.mp3|.pdf|.swf|.psd)$ http://myexamplesite.000webhostapp.com/error404.php [R,NC]
This script has been working flawlessly until a week ago, when chrome and mozilla updated and since then I see the error below on the chrome developer tools.
The browser cannot load any media such as images, documents and music files as described in the script above.
When I remove the script the problem is resolved but by doing so lets the users access and hotlink my resources with great ease.
The most confusing part is that mobile browsers have not any problem while desktop ones show errors. For example the updated chrome and firefox mobile browsers can access the site normally with all those resources without the issues dealt on desktop browsers.
I have tested if the problem appears in various computers and it still appears.
I believe that the problem shows up in newly updated browsers because the problem does not show up on elder versions of mozilla firefox desktop browser (version 47).
What causes this problem? How can I deal with it? I need a solution that does not override the main purpose of the htaccess script; to not allow direct access and hotlinking to sensitive media (images, pdf documents and mp3 files).
Related
How to restrict/block users with Firefox and Chrome user-agent who tring to accessing to this page:
http://example.com/test/mypage.php
http://example.com/test/mypage2.php
Or block entire pages in folder "test" from accessing only for Firefox and Chrome user-agent .
All another users-agents can be access to this pages regulary.
I want to do with .htaccess.
Is this possible and how to do that? Thanks
You can use the server variable %{HTTP_USER_AGENT}:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(Firefox|Chrome).*$ [NC]
RewriteRule ^test - [F]
N.B. Note that User Agent strings are notoriously unreliable indicators of the actual user agent. If, for example, an Opera browser is broadcasting a User Agent string containing the word Chrome, then that Opera browser will also be blocked by the RewriteCond above.
I have a website a company I freelance for took over and since it was transferred their site went down. The website is www.baseline-enserv.com.
For me, it shows up fine in Internet Explorer and safari but in Chrome and Firefox it's redirecting it to an https:// of which it is not.
I have checked the htaccess and it had a https redirect in there which i've removed. I did a database search and didn't find any URL's with https and I checked the wordpress settings for the site itself and it's set to http://.
I can't figure out where else to look to find out what's causing it to redirect. I even checked to see if there was a DNS setting that somehow did it but there is none.
It should NOT be redirecting to https but should be http only.
I also ran a test on geopeeker.com and to my surprise it checks out in all locations, but it may be using the same browser that i'm using that shows up fine.
I also have an account for browserstack so I have tested it on there and it checked out and loaded fine in Firefox 47 and 45, Windows 8 as well as Chrome 50 and 51.
It seems as if it's a caching issue but when I clear my cache and cookies it still doesn't work.
Thanks!
This is all that resides in the htaccess by the way.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /site/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /site/index.php [L]
</IfModule>
# END WordPress
They had the site installed into a site folder in the root.
It is definitely a cache mechanise problem. Your site used to have a Permeant Redirect (301) rule in .htaccess. And that is being cached by the browser.
In Chrome, I don't think that "Clear browsing data" will be helpful in this case. There are some workarounds, I think that might help:
For Chrome:
Try to use incognito mode for testing
Try to open the inspector, and go to Settings (three dots on the right side) => check Disable cache (while DevTools is open), and reload the page.
For Firefox:
Private tab will work fine
Or you manually check cache file to make sure by accessing "about:cache"
If none of above work, try to put some random query string after the url for testing. For example:
www.baseline-enserv.com/?test
If it doesn't work too, I think you have to try it out on other machine/device. But after all, that cache will not last for long. And it will soon be cleaned. So, if it is no urgent, just sit back and get some coffee. And get back to it later.
Hope that helps!
I want to redirect all urls without www to the www-version:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.domain\.tld$ [NC]
RewriteRule ^(.*)$ http://www.domain.tld/$1 [R=301,L]
that works for every browser except google chrome with subfolders. That means http://domain.tld is redirected to http://www.domain.tld like it should but when I want to access http://domain.tld/subfolder I get a 'ERR_NAME_NOT_RESOLVED' error in chrome.
Firefox, IE, Safari are working.
I have no definite answer for you, but these few hint may help you :
idea 1
Chrome uses google own's DNS, so it might be that it is trying to reach directly the ip host known as www.domain.tld for wich it does'nt find a record.
Idea 2
You might want to install fiddler and run a trace to see exactly what is exchanged between chrome and the internet. This way you'll know if your apache conf is firing the redirect correctly.
I tried typing both adresses in chrome directly : none is recognized by the omnibar (which suggests to me an issue with google dns mirrors)
I have a website that have some files that are accessed publicly. Anyone can download them.
I have discovered lately that a website has added links to these files. With this way they claim ownership of them and they consume my bandwidth since they fetch them from my server.
How can i block other websites to refer to my website files?
I don't care if this files are not crawled by Google since now i refer to them using the rel="nofollow"
Can anyone suggest a solution.
What you are looking for is preventing deeplinking of contents on your website. Try the following in appache httpd.conf file it will creates a failed request when hot linking of the specified file types occurs.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css|<whatever extensions you want to block>)$ - [F]
If the content you want to block is generated dynamically using some programming language, you can check if the referrer header matches your domain and then continue the processing of the request.
JAVA
"http://www.example.com".equals(request.getHeader("referer"));
PHP
$_SERVER['HTTP_REFERER']=="http://www.example.com"
I have a folder on my site which contains several mp4 files. I have a php page on my site which is used to play those mp4 videos. I am new to htaccess and what I need is an htaccess that allows my videowindow.php to access the mp4 files but prevent access to those files if not from videowindow.php
Basically unless the video is being accessed by videowindow.php the video can not be accessed. I tried several examples I found here and there but none of them seem to work. Most of them deny access to the video files completely so they can't even be accessed by my own videowindow.php file.
Any help on this is appreciated.
You can do this by checking the HTTP "Referer" request field, but this in no way guarantees any access restrictions. The referer field can be easily forged.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-domain\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} !videowindow\.php$
RewriteRule \.mp4$ - [L,F]
This will make it so if a referer doesn't start with your domain and doesn't end with videowindow.php, then any access to mp4's will result in a 403 forbidden response.