Is it possible for the image to be loaded only in src with relative path and not be directly accessible?
In other words, <img src="example.jpg" /> would work, but visiting http://example.com/example.jpg directly wouldn't?
Sort of--you can at least check the referer, and if the referer is not from your site, mark the resource as forbidden:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*
RewriteRule .*\.jpg - [NC,F]
That would serve a forbidden response for any jpg if the referer header is not set to your website.
Related
I'm trying to make a file only accessible when you're on a specific page.
Like download.php, the user can click a link to the file and the download starts without problems.
But if you go to the link in the browser directly it should not work.
Could I use .htaccess for this? or how would I do this?
This is possible with .htaccess by checking for the ${HTTP_REFERER}, which is the previous url you were on.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/download.php
RewriteRule myFile.zip - [R=403,L]
This checks if the previous page was download.php, otherwise it rewrites the request for myFile.zip to a 403 error page.
Note that it is possible to forge a referer by intercepting / creating your own request. This does not provide 100% security.
I have a folder on my site which contains several mp4 files. I have a php page on my site which is used to play those mp4 videos. I am new to htaccess and what I need is an htaccess that allows my videowindow.php to access the mp4 files but prevent access to those files if not from videowindow.php
Basically unless the video is being accessed by videowindow.php the video can not be accessed. I tried several examples I found here and there but none of them seem to work. Most of them deny access to the video files completely so they can't even be accessed by my own videowindow.php file.
Any help on this is appreciated.
You can do this by checking the HTTP "Referer" request field, but this in no way guarantees any access restrictions. The referer field can be easily forged.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-domain\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} !videowindow\.php$
RewriteRule \.mp4$ - [L,F]
This will make it so if a referer doesn't start with your domain and doesn't end with videowindow.php, then any access to mp4's will result in a 403 forbidden response.
I'd like to cut off access to a subdirectory on my site but I want any access in the subdirectory to be a 404 error, not a 403 forbidden. How can this be accomplished?
Try:
RewriteRule ^directory/ - [L,R=404]
This redirects all requests for the folder "/directory/", they get a 404 response.
I think, 410 error better
RewriteRule ^directory/ - [L,R=410]
or my search:
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|Baiduspider) [NC]
RewriteRule .* - [R=410,L]
on russian wiki
404 Not Found [19] - the most common mistake when using the Internet, the main reason - an error in writing the address of a Web page. The server understood the request, but did not find the corresponding resource at the specified URL. If the server knows that there was a document at this address, then it is desirable for it to use code 410. Answer 404 can be used instead of 403 if you need to carefully hide certain resources from prying eyes. Appeared in HTTP/1.0.
Redirect 404
Put this into the .htaccess file in the directory that you want off the record. The Redirect directive is part of mod_alias and can be used to send any status code, not just redirects.
You could also for the time being change which page a user will see when confronted with a 403 error, but I wouldn't recommend doing this long-term.
.htaccess:
ErrorDocument 403 /your404pagehere.php
I've got the following Rewrite:
RewriteEngine On
Options +Indexes
RewriteRule ^/#/why-us/44534/$ http://www.new-site.com/why-us/? [R=301,NE,NC,L]
RewriteRule ^/#/about-us/33945/$ http://www.new-site.com/about-us/? [R=301,NE,NC,L]
I've put this in the .htaccess file in the root of my site. However, when visiting:
www.old-site.com/#/why-us/44534 I just get the 'Index of /' page for old-site.com
Not sure why the url structure of old site has /#/ at the start, but it's not something I can control!
It is because browser doesn't send any request to web server for URL part after hash sign that's why for a URL of: www.old-site.com/#/why-us/44534 browser just sends www.old-site.com/ to web server while trying to scroll down page to an undefined tag why-us/44534.
I don't know if this is possible or not, I have an image host that I've made myself. I need some last tweaks with it.
Whenever an image has been deleted or is an invalid image url, it should replace with an 404 image, so for example if someone adds this:
http://imagehosturl.com/i/34njk5n.jpg
But it's an invalid link, so I need it to show:
http://imagehosturl.com/img/notfound.jpg
Which is like this:
alt text http://tinypic.com/images/404.gif
I do know that .htaccess can do this with it's ErrorDocument 404, but I have one already when a user access to an invalid page, so it would show the 404 page.
So whenever a user hotlinks an image and it's invalid or is deleted, I need it to be replaced with the 404 image.
How can I make this?
Here's one potential answer:
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule \.(gif|jpe?g|png|bmp) /path/to/logo.gif [NC,L]
Another is to use a custom scripted page:
Use the errorDocument directive
(documented at [httpd.apache.org ]) to
point a '404' error to a script (perl,
PHP, whatever). If the requested file
has an image extension (or has an
image/* mimetype; PHP supplies the
mime_content_type [us2.php.net]
function for this; I'm sure there are
many ways to do this in perl; the
MIME::Types [search.cpan.org] module
is one way), then set the
"Content-Type" header to the mimetype
of your logo image and return the
content of the logoimage to the
browser.
http://www.webmasterworld.com/forum92/3458.htm
<FilesMatch ".(jpg|png|gif)$">
ErrorDocument 404 "/path/to/image.jpg"
</FilesMatch>
With Apache, you can have multiple .htaccess files. So, if all of your images are stored in the same directory, create an .htaccess file inside of that directory and add
ErrorDocument 404 /img/notfound.jpg
This will create a custom 404 redirect that is applied only to your image directory, plus its subdirectories.
You can use ErrorDocument with FilesMatch directive
<filesMatch "\.(jpg|png|gif)$">
ErrorDocument 404 /image.jpg
</filesMatch>
This will show /image.jpg if a 404 image uri with jpg png or gif extension is requested.
you can also add your custom image or html markup to the errordocument :
<filesMatch "\.(jpg|png|gif)$">
ErrorDocument 404 '<img src="image.jpg">'
</filesMatch>
According and in addition to AdamH's answer, you should output 404 header. Here's what I'm using,
.htaccess
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule \.(gif|jpe?g|png|bmp) /upload/image404.php [NC,L]
image404.php
<?php
$file = 'image404.jpg';
$type = 'image/jpeg';
header("HTTP/1.0 404 Not Found");
header('Content-Type:'.$type);
header('Content-Length: ' . filesize($file));
readfile($file);
?>