0

This is EXACTLY the same case as: (htaccess) How to prevent a file from DIRECT URL ACCESS?

But, no one of codes provided by answers work for me. I tried 1 by 1, then tried to combine, but still not works. Here is my code:

# prevent direct image url access
# ----------
    RewriteEngine On

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)://(www\.)?example\.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)://(www\.)?example\.com.*$ [NC]

    # this not works
    RewriteRule \.(png|gif|jpe?g)$ - [F]

    # and this
    RewriteRule \.(png|gif|jpe?g)$ - [F,NC]

    # and this
    RewriteRule \.(png|gif|jpe?g)$ https://example.com/wp-login.php [NC,R,L]

    # even by combining them
# ----------
# /prevent direct image url access

The case simulation: index.php has <img src="test.png" alt=""> and should be normally accessible. The requirement is: http://example.com/test.png shouldn't be accessible.

I use WordPress in wp-engine, and i think WordPres's default rewrite doesn't cause the problem since the code from answers are placed above WordPress rewrite.

UPDATE

I use PHP Version 5.5.9-1ubuntu4.14 on Apache 2 on wp engine

Community
  • 1
  • 1
Javas Works
  • 63
  • 1
  • 2
  • 6

1 Answers1

0

Your rules basically work for me, except for one thing:

The (s) is not doing what you think it does.

RewriteCond %{HTTP_REFERER} !^http(s)://(www\.)?example\.com [NC]

With parentheses you define a group, which doesn't make any sense at this point. If you remove the (s), it works for http.

If you want to use https too you have to write it like this:

RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]

The ? will make the preceding character (or group, if in parentheses) optional.

Gerald Schneider
  • 17,416
  • 9
  • 60
  • 78
  • urgh, i updated again the question. So, i just remove the (s) as your advice. But still doesnt do both on localhost & wp-engine. – Javas Works Feb 19 '16 at 08:22