I have already protected images for hotlinking, but I can't grant access to facebook bot. The configuration in my htaccess is:
#Prevent hotlinking
RewriteEngine on
#allows you to specify which files this applies to
RewriteCond %{REQUEST_FILENAME} \.(?:js|css|gif|png|jpg)$
#if the client's (server's) IP address is not this
RewriteCond %{REMOTE_ADDR} !^0\.0\.0\.0$
RewriteCond %{HTTP_REFERER} !^http?://www\.my\.domains\.mx/
RewriteCond %{HTTP_USER_AGENT} !="facebookexternalhit/1.1|facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)|Facebot"
# forbid access
#RewriteRule .* - [F,L]
Well the probles is when I try to limit the user-agent to facebook, this doesn't work and the open graph api can get the images. Thanks!
Try to change the RewriteCond %{HTTP_USER_AGENT}line to:
RewriteCond %{HTTP_USER_AGENT} !(?:facebookexternalhit|Facebot) [NC]
Related
I can allow users to access the admin section of my site based on IP address, and redirect the others to "Page not Found" page with this code:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/admin(.*)$
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.890$
RewriteRule (.*) - [R=404,L]
I wonder if it is possible to add a new rule to allow also users trying to access "/admin/index.php?mikey=mouse" no matter which IP address they are coming from, and redirect the others.
I tried this:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/admin/index.php?mikey=mouse$ [OR]
RewriteCond %{REQUEST_URI} ^/admin(.*)$
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.890$
RewriteRule (.*) - [R=404,L]
It doesn't seem to work. What am I doing wrong?
This question may look like its been asked already and i have seen them all, i've been looking and attempting a lot of answers AND answers that weren't approved. I have successfully made it so that if the user goes to desktop version it will go to the mobile site and even if they go to places such as.
www.domain.com/aboutus
it would take them to
m.domain.com/?page=aboutus
So here is where the problem lies, not that it doesn't work, but I've been trying to remove the $_GET variable from the redirection the "?page=" part.
my .htaccess looks something like...
<IfModule mod_rewrite.c>
RewriteEngine on
# if it is not a file or folder, rewrite to index.php?page=<value>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?page=$1 [L,QSA]
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos" [NC]
RewriteRule ^index.php(.*)$ http://m.domain.com/ [QSA,L]
</IfModule>
I've tried adding the request filename with the redirection for mobile but to no avail. There are websites who have achieved it like 9gag by using the in built Google Chrome inspect element, google changes the user agent to devices that are selected (Mobile Phones) and I've used that to test how the redirection goes. so if i write 9gag.com/hot - it would take me to m.9gag.com/hot not m.9gag.com/?page=hot or wherever.
Thanks in advance, I've really been bothered by this.
You need to check the mobile redirect first, and you need to include the request URI.
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect mobile requests to the mobile site
# (but don't redirect when accessing certain directories)
RewriteCond %{REQUEST_URI} !^/images [NC]
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos" [NC]
RewriteRule ^(.*)$ http://m.domain.com/$1 [R=302,L]
# If it is not a file or folder, rewrite to index.php?page=<value>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?page=$1 [L,QSA]
</IfModule>
You can make the redirect permanent by changing 302 to 301.
My current htaccess prevents hot linking and direct download of files but its also blocking download from within the site. if the user is at http(s)?://(www\.)?domain.com/portal/WHATEVER then allow download, that's what i'm trying to achieve any advice?
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(pdf|xls|xlsx|docx|doc)$ https://www.sub.domain.com/login.php [NC,R,L]
I have like 10 addon domains on my main website, and atm you can visit any addon (call it test1.com) website with link as test1.mainwebsite.com or www.mainwebsite.com/test1
How can I block this access to addons?
I have tried this, but this block only www.mainwebsite.com/test1 way.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?mainwebsite.com$ [NC]
RewriteCond %{REQUEST_URI} ^/google.com/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/something.net/(.*)$
RewriteRule ^(.*)$ - [L,R=404]
Disable access to a subdomain
The following is an example '.htaccess' code which provides a thorough means of making the Addon domain folders, and their contents, invisible through the main domain by forcing a "404 Not Found" error. This will work both for web browsers and search engines:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$ [NC]
RewriteCond %{REQUEST_URI} ^/addonfolder/(.*)$
RewriteRule ^(.*)$ - [L,R=404]
Is it possible to accept traffic from only one domain, ideally using a .htaccess file?
I want my site to only be accessible via a link on another site I have.
I know how to block one referring domain, but not all domains
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} otherdomain\.com [NC]
RewriteRule .* - [F]
this is my full rewrite code:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !domain\.co.uk [NC]
RewriteRule .? - [F]
# The Friendly URLs part
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
I think it is working, but none of the assets are getting loaded and I get a 500 error when I click on another link.
Make that something like:
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !yourdomain\.com [NC]
RewriteCond %{HTTP_REFERER} !alloweddomain\.com [NC]
RewriteRule .? - [F]
The first RewriteCond checks that the referrer is not empty. The second checks that it doesn't contain the string yourdomain.com, and the third that it doesn't contain the string alloweddomain.com. If all of these checks pass, the RewriteRule triggers and denies the request.
(Allowing empty referrers is generally a good idea, since browsers can generate them for various reasons, such as when:
the user has bookmarked the link,
the user entered the link manually into the address bar,
the user reloaded the page,
the browser is configured not to send cross-site referrer infromation, or
a proxy between your site and the browser strips away the referrer information.)