external site using my css and image files, can I block this - .htaccess

each month many gigabytes of traffic on my site is being consumed by various sites, mostly in italy according to my stats. On further review of my raw access logs, they have built in direct reference links to css and png files in my site. I can just rename them but that wont stop them accessing a page in my site to get their full urls and keep accessing them.
Is there a way to block access to css and image files in my site unless they come from the same domain, somehow?
Regards
Greg J

Try adding this to the .htaccess file in your web document root folder (often public_html or htdocs) (edit the name of the domain):
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^yourdomain\.com
RewriteRule (?:jpg|png|gof|css) - [F]
This assumes that mod_rewrite is both installed and activated for htaccess files.
If you are not sure, to check if mod_rewrite is installed, look at the list of installed modules in the output of phpinfo();
By default, mod_rewrite is not enabled for htaccess files. If you are managing your own server, open httpd.conf
and make sure that the webroot directory block contains one of these lines: AllowOverride FileInfo or AllowOverride All

Related

How to redirect non www to www for prod website

I've tried to add the item below in .htaccess(wamp64\bin\apache\apache2.4.37\conf) and enabled Use URL Rewriting in Joomla however when I try to type abc.com in search engine address bar it will still redirect me to search page instead of redirecting me to the website. I've also performed checking and confirmed that .htaccess file is readable, the webpage is work when go to https://www.abc.co m however redirection still not work. I just need the page to redirect from http://abc.co m to https://www.abc.co m Is there any other way to do it? Or I'm doing it wrongly?? Please help.
RewriteCond %{HTTP_HOST} ^abc.com [NC]
RewriteRule ^(.*)$ https://www.abc.co m/$1 [L,R=301]
The redirect itself works great. The issue is where you've put the file.
.htaccess files are meant to be in the root folder and sub-directories of your website, not in the config files for Apache. Think of them as configuration files the server will find on-the-fly as it serves up documents, not static configurations loaded when the server starts (which are found in the "conf" folder you referred to). (See https://httpd.apache.org/docs/current/howto/htaccess.html)
For WAMP, the root folder is typically a folder called "www" and is normally located at c:/wamp/www. See Where is the web server root directory in WAMP? More commonly, though, this folder is called "public_html" (such as with LAMP, XAMP, MAMP, or default Apache installs).

Intranet IP Lockdown

I only want people to access the intranet from my IP.
I have searched different blogs as well but not get more.
I just want my website to be accessed by just my IP address to make it secure. I need an intranet that can be locked down by IP.
Try adding this to the .htaccess file in your web document root folder (often public_html or htdocs), changing the 999... to your IP address:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^999.999.999.999
RewriteRule ^ - [F]
This assumes that mod_rewrite is both installed and activated for htaccess files.
If you are not sure, to check if mod_rewrite is installed, look at the list of installed modules in the output of phpinfo();
By default, mod_rewrite is not enabled for htaccess files. If you are managing your own server, open httpd.conf
and make sure that the webroot directory block contains one of these lines: AllowOverride FileInfo or AllowOverride All

Make subfolder act as root for the site contained in that subfolder

I have tried to find a solution to my problem but I have not been able to find any questions/answers that address this specific issue.
I've been tasked with moving a website that was built under its own domain - www.example.com - to now reside in a subdirectory of another site - www.otherSite.com/example.
The site to be moved was built with many references to $_SERVER['DOCUMENT_ROOT'] as well as many relative URLs that start at the root. For example:
<?php include $_SERVER['DOCUMENT_ROOT'] . '/nav.php'; ?>
and
/images/logo.jpg
The problem, of course, is that all of those references to the root for the site moving to the subdirectory will reference www.otherSite.com thereby breaking all of those URLs.
I'm hoping that there's a some way, possibly using .htaccess in the subdirectory, to set that subdirectory as the root for the site in that subdirectory.
Note - I am on shared hosting and do not have access to httpd.conf.
Thanks very much.
On www.otherSite.com host place this code in DocumentRoot/.htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?domain\.com/example/ [NC]
RewriteRule ^((?!example/).*)$ /example/$1 [L,NC,R=301]
Have you tried redirecting to the sub-folder from your cpanel?, have you check if some of the settings were stored in a database for the site if any?
Please add more codes from the site so we can understand how the codes look like.

Allowing/Disallowing directory listings with .htaccess

I have a wordpress site running, and currently anyone can view the uploads directory by visiting
http://site.com/wp-content/uploads
I want to stop this directory from being viewed in a browser but I want a subfolder to be viewable (eg. http://site.com/wp-content/uploads/PublicUploads). I have tried setting
IndexIgnore *
in the uploads folder, but I cannot work out how to set the sub folder back to visible.
Any help would be appreciated
Most people use
Options -indexes
To make a subdirectory visible again, you'll need to put a .htaccess file inside that subdir, with Options +indexes inside it.
Using mod_rewrite you can block direct access to wp-content/uploads directory like this:
RewriteRule ^wp-content/uploads/?$ - [F,NC]
Keep in mind that this will only block browsing of /wp-content/uploads contents but will allow /wp-content/uploads/PublicUploads or any /wp-content/uploads/foo.

simple .htaccess rewrite URL to different directory on same server

Ok, I'm clueless here...
I need to rewrite a directory structure and all sub-directories within it to a directory within the same server, but a root that is before the directory.
For example:
http://www.mydomain.com/Themes/default/css/folder
and all directories called upon after folder. Such as folder/sub_folder or folder/afolder/anotherfolder, it needs to include ALL sub-directories within the folder directory.
should be redirected to this:
http://www.mydomain.com
How do I do this via a .htaccess file within the folder path http://www.mydomain.com/Themes/default/css/folder?
Please someone help.
Thanks guys :)
The files within the directory structure still need to be accessible for that structure when called via PHP, but I don't want people being able to browse to http://www.mydomain.com/Themes/default/css/folder and be shown all subdirectories within that folderpath and/or all files. Same thing for all sub-directories that follow that folder path.
I'd like to be able to place the .htaccess file within the http://www.mydomain.com/Themes/default/css/folder directory on the server, but don't know exactly what code to use for this.
ALSO, even more challenging... The domain name can change, so I'd rather not use the domain name within the .htaccess file, instead perhaps use .. or . to go up a directory or a different method of grabbing the domain name within the .htaccess file.
Create a .htaccess file in /Themes/default/css/folder and place these lines there (it requires mod_rewrite):
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ http://%{HTTP_HOST}/ [R=301,L]
It will redirect (301 Permanent Redirect) all requests to a folder to a homepage. If file is requested, it will allow it.
If you want to have it working for folders as well as files then remove the RewriteCond line -- it will redirect ALL requests (even for non-existing URLs) to a homepage.
If you will see "500 Internal Server Error" after creating such file, then it is your server configuration: mod_rewrite may not be enabled or it's directives (RewriteRule, RewriteCond, RewriteEngine) are not allowed to be placed in .htaccess. In any case -- check Apache's error log for exact error message (it will give you the exact reason).
http://www.besthostratings.com/articles/prevent-directory-listing.html
IndexIgnore *

Resources