PHP disable access from other sites

Question

How can i make this file to redirect or to block if visited from another site.

example i want to allow this script to be accessed just from my site example.com and if any other site try to access this php file can it be blocked or redirect

<?php
if (isset($_GET['id'])) {
if (isset($_SERVER['HTTP_RANGE']) && !empty($_SERVER['HTTP_RANGE'])) {


    require_once './include/db.php';
    require_once './include/video-stream.php';
    $stm = $db->prepare("select * from video where code=?");
    $stm->execute(array($_GET['id']));

    if ($stm->rowCount() > 0) {

        $row = $stm->fetch();


        $stream = new VideoStream($row->path);
        $stream->start();
    } else {
        header("message1");
        echo "message2";
        die();
    }
}

Use the referrer and check if the URL is referred from your website. $_SERVER["HTTP_REFERER"]; — Hozikimaru, Sep 25 '15 at 13:24
if (isset($_SERVER['REFERER']) && !empty($_SERVER['HTTP_RANGE'])) { u think this? — Oferta Për Punë, Sep 25 '15 at 13:28
`$_SERVER["HTTP_REFERER"]` isn't reliable; read this http://stackoverflow.com/a/6023980/ — Funk Forty Niner, Sep 25 '15 at 13:29
http://stackoverflow.com/questions/165975/determining-referer-in-php — aimme, Sep 25 '15 at 13:31
What about using .htaccess/nginx rules to achieve this?http://nginxlibrary.com/hotlink-protection/ https://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy/ — nikoskip, Sep 25 '15 at 13:38
As @Fred-ii- mentioned, referrer is not really reliable, and can be spoofed . You could still use it depending on how much of a security you would like, but if you really would like it to be secure you can use WP nonce logic; https://codex.wordpress.org/WordPress_Nonces — Hozikimaru, Sep 25 '15 at 13:53
Take a look at this http://stackoverflow.com/questions/11895557/php-code-for-anti-hotlinking — divaka, Sep 25 '15 at 13:57
`if($host=="www.example.com"){...}` and using an added *twist* ;-) There, *"done like dinner"*. I'll let you figure out the rest. — Funk Forty Niner, Sep 25 '15 at 14:04

score 0 · Answer 1 · answered Sep 25 '15 at 13:57

0

Create a .htaccess file in that directory where the file resides and add

<Files "*">
 Order deny, allow
 Deny from all
 Allow from .example.com
</Files>

which will block that directory accessing from other sites

answered Sep 25 '15 at 13:57

Arun Krish

2,153
1
10
15

i use this RewriteEngine On RewriteBase / RewriteCond %{HTTP_REFERER} !example\.com [NC] RewriteRule .? - [F] # The Friendly URLs part RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] but how i can exclude folder a folder from here – Oferta Për Punë Sep 25 '15 at 14:06

PHP disable access from other sites

1 Answers1