Reputation: 9
How to prevent direct access to files but allow files in webpages
I'm trying to use mod.rewrite to deny direct access to files on my web server, e.g. http://domain.tld/reports/imareport.pdf or http://domain.tld/img/img1.png, and I've used the answer on this question:
(htaccess) How to prevent a file from DIRECT URL ACCESS?
That page suggests using mod.rewrite like this:
RewriteEngine on
RewriteRule \.(png|pdf|htm)$ - [F]
Using mod.rewrite in this manner works fine for denying access to PDFs, but other files that are ordinarily included in a page such as images and css are not only blocked from direct access, but also blocked when used on a webpage in a normal <img> tag or whatever. This is contrary to the question and answer mentioned above.
So... my question is... is there a way to block direct access to files but still allow them in webpages?
Upvotes: 1
Views: 5907
Answers (1)
Reputation: 9
Thanks Mark Phillips, I didn't fully appreciate what these two rewrite conditions were doing for me:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
So I had managed to mess them up. Things worked as needed when I used the code just as it was.
Upvotes: 0
Related Questions
- How to prevent users from accessing files directly from url?
- htaccess prevent direct access to files while allowing rewrite rules to access them
- Prevent direct url access to files
- Deny direct access to files in folder
- How do i restrict direct access (from browser) to a folder but allow access to image files inside it..?
- .htaccess: deny direct access to files in specific case
- Prevent direct file access
- Deny direct access to files using htaccess
- deny direct access to a files but allow php and html to read it from .htaccess
- Restrict direct file access with Apache .htaccess