I'm trying to make a file only accessible when you're on a specific page.
Like download.php, the user can click a link to the file and the download starts without problems.
But if you go to the link in the browser directly it should not work.
Could I use .htaccess for this? or how would I do this?
This is possible with .htaccess by checking for the ${HTTP_REFERER}, which is the previous url you were on.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/download.php
RewriteRule myFile.zip - [R=403,L]
This checks if the previous page was download.php, otherwise it rewrites the request for myFile.zip to a 403 error page.
Note that it is possible to forge a referer by intercepting / creating your own request. This does not provide 100% security.
Related
Firstly, I can't get the correct code looking at other post here, not working for me hahahaha.
I would like to block this specific url: /2017/06/wonder-womannuestra-princesa-feminista.html?m=1 (Related to an old blogger url)
Don't know why but different ips, without referrer and user agent, are spamming (not a real visit cause after a redirection to the new one on WordPress they visit all the links in the url) my site always entering by this url and I would like to block ONLY this one.
I've tried to redirect this one with Redirection plugin but I have a redirection to all "?m=(*)" and this one is the one working, not the one related to the specific url.
I just used : RewriteCond %{REQUEST_URI} ^/2017/06/wonder-womannuestra-princesa-feminista.html?m=1 but it doesn't work.
Could you help, I think the problem is that I'm not witting the correct code due to the "?" character. Many thanks.
With your shown samples, attempts considering that you need to block url(mentioned in comments/question), if this is the case then try following. This rule will forbid this specific url from being accessed.
Please these rules at top of your .htaccess file. Make sure to clear your browser cache before testing your URLs.
RewriteEngine ON
RewriteCond %{THE_REQUEST} \s/2017/06/wonder-womannuestra-princesa-feminista\.html\?m=1 [NC]
RewriteRule ^ - [F,L]
how i can:
ALLOW access to file from website
AND
DENY access to file from all which external to website
Using HTACCESS ?
For example website is stored in a webspace associated to domain: xxx.xx.
Inside a webpage i have a link as:
LINK
And:
Clicking on LINK then start video correctly
BUT
Typing from url (for example): http://www.xxx.xx/video/example.mp4 need return error 403 (denied access) blocking so playing and/or download of file: example.mp4
Thanks for help.
Since it is not easy to write a rule in comments, I am providing a rule which blocks access to a mp4 file based on HTTP_REFERER header value:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?xxx\.xx/ [NC]
RewriteRule ^video/example\.mp4$ - [F,NC]
However keep in mind that clients can spoof HTTP_REFERER header.
Is it possible, to configure the htaccess file in a way, that a redirect to a certain site will happen, if the referer fits to another site? Kinda hard to explain, maybe it will get a bit clearer with an example:
I'm on the site mysite.com, click on a link and will be redirected to mysite2.com. If I just enter mysite2.com, it won't allow me to enter, since the desired way is to go there by link.
If I can make it any cleaner, just let me know.
Place this code in .htaccess at root of the second site.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://example.org/(.*)$
#or the path to the page with link: !^http://example.org/page.html$
RewriteRule $ http://other_site.org/wrong_referer.html [R]
This will redirect if the referer is wrong. However it is possible to send an incorrect referer, so this check is unreliable.
I'm developing an app in php, and I need to set up a pretty broad .htaccess redirect. I did some reading and tried to write the RewriteConds myself, but it's a bit above my paygrade - I'm hoping someone with more experience can help. Here's what I'm trying to accomplish:
The app is contained in www.example.com/app/. Don't redirect anything above this directory.
Some files exist in this directory that will need to be accessed. Currently these are /app/includes/* and /app/sb_pages/*. This will change and expand in the future, so I need an elegant solution that encompasses all existing files. It's fine if the redirect triggers within these directories when a file isn't found - all I care about is being able to access the files within without the redirect triggering.
All other requests should be redirected to /app/index.php, with the trailing url passed in the querystring. For example, a request to /app/path1/path2/ should redirect to /app/index.php?path=path1/path2/
The redirect should not be transparent. When the user requests /app/path1/path2/, I want them to believe they have remained there. They should not see the url change to /app/index.php?path=path1/path2/.
Just for added clarity, here's a few cases to elaborate:
/app/includes/sidebar.php should not redirect.
/app/includes/nothing.html does not exist - redirect is OK
/app/path1/path2/ should redirect to /app/index.php?path=path1/path2/. User should still see their current URL as /app/path1/path2/.
I hope I've explained it clearly and pre-empted most questions. If you need clarification, please don't hesitate to ask. Thanks in advance for the help!
Try adding this to your .htaccess file in your document root:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^app/(.*)$ /app/index.php?path=$1 [L,QSA]
Note that if you want accesses to existing directories (as opposed to files) to also not be redirected, add a RewriteCond %{REQUEST_FILENAME} !-d above the rule.
I am trying to redirect all sub-directory pages to main directory, except of a few pages (e.g. (somepage1.html).
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(de|ru)/somepage1.html
RewriteRule ^([a-z]{2}|zh-CN|zh-TW)/(.*)$ /$2 [R=301,L]
Everything working except de/somepage1.html is redirected to home page (/), which is not acceptable. I wont it not redirected at all.
How can I achieve it
Thanks1
Well above rules are clearly excluding de/somepage1.html URL so it is most likely some other rule that is redirecting de/somepage1.html to /. Are you using wordpress or some other CMS tool by any chance? That might have its own rules in .htaccess file, check that please.
Also it would help to check web server's access log when this redirection happens.
the code I provided is working perfectly, so if somebody looking for this kind of a solution can use it without a fought.
The reason for not working is that my website were keeping cash and therefore was not renew frequently.