Allow access to a directory only from the server

Fix it!!

Allow access to a directory only from the server

Postby k-rug » Sun Jun 17, 2007 3:48 pm

Is there a way with mod_rewrite to allow access to a directory only from the server hosting it?

So say I have:
http://www.domain.com/files

Anyone surfing and clicking on resources from www.domain.com can access the files.

But anyone clicking from on a link from an external referrer like an e-mail, search engine or just another website cannot access the directory.
k-rug
 
Posts: 3
Joined: Tue Aug 24, 2004 12:37 pm

Postby richardk » Mon Jun 18, 2007 11:38 am

You want hotlinking protection. In a .htaccess file in /files
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_HOST} !^(https?://(www\.)?domain\.com(/.*)?)?$ [NC]
RewriteRule .* - [F,L]

The above will send a forbidden header, if you would like to send an image instead you'd replace the RewriteRule with
Code: Select all
RewriteRule !^files/hotlinking\.gif$ /files/hotlinking.gif [R,L]


If you wanted to send an image when images are requested, a CSS file when CSS is requested, etc. you'd do something like this
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_HOST} ^(https?://(www\.)?domain\.com(/.*)?)?$ [NC]
RewriteRule .* - [L]

# If it's an image, send the hotlinking image file
RewriteCond %{REQUEST_URI} !^/files/hotlinking\.gif$ [NC]
RewriteRule \.(gif|jpe?g|png)$ /files/hotlinking.gif[R,L]

# If it's .css, send the hotlinking css file
RewriteCond %{REQUEST_URI} !^/files/hotlinking\.css$ [NC]
RewriteRule \.css$ /files/hotlinking.css [R,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 4 guests

cron