Disallow direct access to files

Question

I'm working on a project, a little one. And I'll be interesting in disallow the direct access to files by URL.

Like you have a folder called "stock" where is situated all your images. You take the image cat, for example, and I want to disallow direct access to this file by this URL mysite.com/stock/cat.jpeg

But, in the same time, I want to be able to use these images on my website.

What is the best way to realise that ? I used .htaccess in the "stock" folder, with a Deny from all. But I wasn't able to use the file.

For the moment, I work on the localhost, but I'll put this live. And my framework (PHP) is CodeIgniter.

Thanks and have a good day :)

Possible duplicate of [(htaccess) How to prevent a file from DIRECT URL ACCESS?](http://stackoverflow.com/questions/10236717/htaccess-how-to-prevent-a-file-from-direct-url-access) — Takarii, Sep 15 '16 at 12:52
Try this answer http://stackoverflow.com/questions/21647750/how-to-view-images-from-protected-folder-with-php — Vipin Kr. Singh, Sep 15 '16 at 12:55

score 0 · Answer 1 · edited May 23 '17 at 12:16

0

You can still use the .htaccess, I've provided some code that you can use, remove www. domain & tld and replace it with what fits you best.

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd.*$ [NC] 
RewriteRule \.(gif|jpg|js|txt)$ /messageforcurious [L]

This should make it so that only local access to allowed.

If you are asking about allowing an IP Address to be allowed to connect, then you could use something like:

order deny,allow
deny from all
allow from <your ip>

If the above does not work, you could also edit your .htaccess file and see if this would work:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.123$
RewriteRule .* - [F]

Some of the code here was from this answer.

edited May 23 '17 at 12:16

Community

1
1

answered Sep 15 '16 at 12:49

FluxCoder

1,266
11
22

Thanks, but the second solution is best no ? Do I have to put WAN or LAN address ? – Äasgard Sep 15 '16 at 12:50
Have you removed the < > ? (You should do). – FluxCoder Sep 15 '16 at 13:06
Like this? `Order deny,allow Deny from all Allow from 203.25.45.2` – FluxCoder Sep 15 '16 at 13:09
Check the Answer, I've added another bit of code that might just do the trick for you! – FluxCoder Sep 15 '16 at 13:10
Yeah, exactly like that. That doesn't work because of the localhost maybe ? – Äasgard Sep 15 '16 at 13:12
Try putting the LAN Address there instead and see if that works. – FluxCoder Sep 15 '16 at 13:12
Not better ... Raaaah ! What is going on ? :'( – Äasgard Sep 15 '16 at 13:16
Hmm, sorry, but I really don't know your situation is. – FluxCoder Sep 15 '16 at 13:17
Problem is maybe in my vhost declaration ? – Äasgard Sep 15 '16 at 13:17
As I say, I'm not 100% sure on what the issue is being caused by. – FluxCoder Sep 15 '16 at 13:18
1

Hi, it appears that you copied the bulk of this answer from [here](http://stackoverflow.com/a/15668855/5292801). You're using someone else's work without giving the author credit. This amounts to plagiarism, and is not welcome on Stack Overflow. Remember to always add prominent attribution when using other sources. Thanks! – Takarii Sep 15 '16 at 13:28
It is my understanding that `HTTP_REFERER` can be easily spoofed. Be careful with that. – haliphax Sep 15 '16 at 13:58

Disallow direct access to files

1 Answers1