[nycbug-talk] direct file access denied via htaccess

Hans Zaunere lists
Thu Jun 16 01:13:37 EDT 2005


> hi all am trying (dont even know if this is possible) to prevent anybody
> and all from accessing anhy files via http directly
> 
> i know the proper syntax for preventing hotlinking
> 
> 
> # cat .htaccess
> RewriteEngine on
> RewriteCond %{HTTP_REFERER} .
> #RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.(com|net) [NC]
> RewriteRule \.(gif|jpg|bmp|mid|css)$ - [F,NC]
> 
> but say that you know that i have a jpg at
> http://www.mydomain.com/stever/junk/001.jpg
> 
> i need to prevent anybody from pasting that into their browser and
> getting that image. the above htaccess file aint working, how can i make
> this happen.

For this last paragraph, you can use:

http://httpd.apache.org/docs/mod/core.html#files
http://httpd.apache.org/docs/mod/core.html#filesmatch

And there's of course:

http://httpd.apache.org/docs/mod/core.html#directory
http://httpd.apache.org/docs/mod/core.html#directory

And:

http://httpd.apache.org/docs/mod/core.html#directory
http://httpd.apache.org/docs/mod/core.html#locationmatch

It just depends on how you exactly want Apache to behave.


---
Hans Zaunere
President, Founder

New York PHP
http://www.nyphp.org

AMP Technology
Supporting Apache, MySQL and PHP








More information about the talk mailing list