This question have been on SO quite a few times, i have tried all the available options but still i am having hard time blocking a pdf file from direct access using absolute URL.
I using the following code inside .htaccess file which is in the same folder where pdf's are
Order Allow,Deny
<FilesMatch "^[^.]+\.(gif|jpe?g|png|pdf|doc|docx|txt|rtf|ppt|pptx|xls|mp4|mov|mp3|mpg|mpeg)$">
Deny from all
</FilesMatch>
When i access the directory of the pdf files it shows me a 403 forbidden access but the moment i enter the absolute url of the pdf it starts rendering the pdf in the browser.
Directory Url http://thetutlage.com/demo/pdfReader/files
Pdf Url :- http://thetutlage.com/demo/pdfReader/files/tracemonkey.pdf
Any help will be great. I have also tried using a redirect rule if a file has .pdf extension but that doesn't seems to be working as well.
Works fine:
Order Allow,Deny
Allow from all
<Files ~ "\.(gif|jpg|png|pdf)$">
Deny from all
</Files>
Related
I have a site that has a some pdf files to download. i want to block direct file download.
example: if a user try https://skpselearning.enovic.in/uploads/document/viewer.html?file=lesson9.pdf it should download. but without viewer.html? it will should be block. ie https://skpselearning.enovic.in/uploads/document/lesson9.pdf this url will be block. how to do this?
(You've not stated how your viewer.html script is downloading/displaying the .pdf files? Simply blocking direct access to the .pdf files could also block access to your script, depending how it is implemented.)
So, all you are really asking (and all that can be answered) is how to block direct access to the .pdf files...
To block (403 Forbidden) HTTP access to all .pdf files on the site:
<Files "*.pdf">
Require all denied
</Files>
Or, to block only .pdf files in the /uploads/document subdirectory then you can use the following mod_rewrite directives at the top of the .htaccess file:
RewriteEngine On
RewriteRule ^uploads/document/[^/]+\.pdf$ - [F]
SetEnvIf User-Agent .*Wget* wget
Order deny,allow<br>
Deny from all<br>
Allow from env=wget
ErrorDocument 403 /403.shtml
So I am currently using the above lines of text inside my htaccess file, and it works perfectly. The problem is I need to allow access to a mailer.php file that is also listed in that directory.
Is there a way i can allow access to just this file and use the above code yet to block out the rest?
And if it matters, the phpfile writes to a file inside that directory... it is called rc3.key (not sure if that is important but i think it could be)
Just add the following:
<Files "mailer.php">
Allow from all
</Files>
This will allow everyone to access mailer.php but will throw a 403 error for every other file.
I have a website with files that should only be downloaded from the download.php file, their saved in a map like /uploads/map1_/file.bin
I don't want people to be able to download the file directly from the directory but only from the download page. I think this is possible with htacces, but I can't find how to do that..
First, create a .htaccess file in your /uploads/ folder.
Then, put this code into it
<FilesMatch "\.bin$">
Order Allow,Deny
Deny from All
</FilesMatch>
Options -Indexes
Note: the most secure solution is to put your bin files out of public scope
I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.
Hello I don't know much about the .htaccess configuration, but I want to restrict access to php files on my web server and I want to have only index.php with parameters accessible.
My files are in subfolder like: www.mydomain.com/sub/index.php. I want to have access to open that index.php in subfolder, css files and js files.
Here is my configuration I have so far:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
<FilesMatch "*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
I have tried to do something like <Files sub/index.php> but everytime it restricts all php files in subfolders and www.mydomain.com/index.php works fine.
Can anyone help me with it?
You can move all files except ones needed to be accessible by http (index.php, css, images etc.) out from DocumentRoot directory to upper level, so directory layout looks like this:
/lib
/files
/html
/index.php
/css/
/images/
where /html is your DocumentRoot.
In this case you won't need any additional restrictive rules in .htaccess or VirtualHost configuration/
htaccess may not be the best option to preventing direct access to some of your Php files. Instead, create an access value and set it to some value in the page you wish directed access to and don't set it in other pages otherwise.
$access = 'some value';
if(empty($access)) { header("location:index.php"); die();}
This way other php files will only be accessible via include or require. Hope that helps.