how can i stop accessing my website content [like image,swf,pages etc.] from other domain?
suppose my server has a myflash.swf file in my server with live url http://www.mydomain.com/flash/myflash.swf . i want this flash can't be accased by any other domain using the live url. is it possable?
thanks in advance.
If its HotLinking that you wish to disable, these links may help you:
Htaccess Disable Hotlinking Code Generator
Disable Hot-Linking of images and other files
There is a HTTP header called referrer. It usually contains the site which request your swf to download.
When the Referrer value matches your domain name name, you can serve the content. Otherwise reject it.
Related
We are currently looking at identifying the best approach to carry out a redirection of a url folder to another url folder o a separate domain. We have tried a few options but have been unable to make this work. Any other redirection options such as apache, html etc are not possible. This url is only accessed through the browser by an application to download some files. This application cannot be changed but needs to download these files from another location.
Hence, we need to redirect the following:
https://sub1.domain1.com/xyz
to
https://sub2.domain2.com/abc/xyz
Any ideas how we can achieve this?
Note: we have full control of DNS of the domain1 and there are no plans to use this domain.
You can't do that with DNS alone. The DNS never sees the "path" part of the URL. You need a webserver aware of the situation who can provide a 302 redirect.
Hi there on my site i link to a site that has changed the url of the site but uses the original domain to host the images. Is this possible to catch the links via htaccess but no change any of that domain with an image file detected?
So change outgoing link from www.oldsite.com to www.newsite.com but if images detected leave oldsite.com url.
I have too many links to change manually, is this even possible ?
It can't be done using .htaccess . .htaccess is directory level Apache configuration file!
As per the guidelines to speed up site, I have off-loaded all my static content (JS|CSS|IMAGES) to a subdomain static.example.com.
The site is working fine but the problem arises when I load the secure pages. Browser throws a warnings for "InsecureContent" being loaded into my page.
We have ssl for only root domain not subdomain. I can't get another one but want to handle it this way. As the subdomain folder can be accessed inside the root folder i want this.
I want to handle this with .htaccess this way ->
When referer is https ://www.example.com/anything.php
Rewrite http ://static.example.com/folder/file.ex to https ://www.example.com/static/folder/file.ex
Somebody help me doing this.
Not going to help at all. In order for anything inside an htaccess file to get processed, the request has to have been received by the webserver. When your browser pops up the "Insecure Content" warning, it hasn't sent the request yet. This warning pops up when negotiating the SSL connection, and in your case, your cert doesn't cover the domain the request is being made to. That means adding any sort of redirect on the server's end isn't going to help. You're still going to see the warning.
You need to ensure that your content points to http://static.example.com/ somehow, by either using a relative URI base or maybe absolute URLs that explicitly point to http://.
Another option may be to use some kind of javascript on the client side.
To secure my site I placed blank htmls along with an htaccess file in every subdirectory but I didn't realize the denying all access would also mean denying access from the website itself. When I try to load a page, and it goes into the Images folder, the server responds with:
Failed to load resource: the server responded with a status of 403 (Forbidden)
So how do I change this htaccess code:
order allow,deny
deny from all
Options All -Indexes
To deny access to everything outside of the website, meaning the website itself can access its own content (images, js, css) but no one outside can.
You've already accomplished your stated goal, but obviously that's not really what you're after. Basically everybody that browses to your site is coming from outside and requesting assets from your server. When I request index.html, or any other page from your server, it doesn't send me a complete package as it were, with all of the page's assets wrapped up inside, it just sends me the text that comprises index.html. At that point the browser parses that and handles it accordingy; when it comes across an image tag that has a src on your server, it fires off a new request for that asset, and hopefully your server sends it back in response. [Yes, I realize that was all ridiculously simplified.]
As you've got things set up now, you're denying access to anybody and everybody that requests any assets from your server, which is why you're getting the 403 responses. So whatever it is you actually want to do is going to require a more tightly focused approach. I'll take a stab at it and guess that what you really want to do is prevent people from hot-linking your images?
I'm having a problem with a clients magento site that has https enabled on the secure pages,
The website it built heavily around static block content and on the https pages images are pulled from static blocks (over 400 of them) using the media insert in the static block {{media url="media/bla/bla/bob.png"}} these images are comign through as http://site.com/media/bla/bla/bob.png
its not realistic, and it wouldn't make any sense to go through and change all these links to direct links.
Any ideas?
Cheers
Roly!
You are suppose to use the {{store url=""}} or the {{secure_base_url}}media/ in ur blocks
if ur not certain that ur page will be on HTTPS or HTTP the use first one if you know for sure that the request will be HTTPs use second one. (NOTE. Second is a system config path not the actual value that u'll put in the CMS block).
Hope it helps.
Whereas media files are not subject to a fallback, and with the awareness that if the directory level for Magento changes w/r/t the webroot (e.g. http://site.com/ vs. http://site.com/magento/) you can lead with the double-slash network location:
<img src="//media/bla/bob.png" />
Therefore, a search and replace against using the current data in cms_block.content is indicated.
I'll reiterate that this is not appropriate for skin assets due to the fallback.