0

I have a simple PHP website , I want to know if there is any way to avoid users Access to the files on my website ? like css files and other things ?

To prevent my files to show in folder and directories, I used htaccess file and put this code inside htaccess :

Options -Indexes

but some users can still access the files content like css codes. for example if an user visit this url :

www.mysite.com/folder

this message should show to him :

Forbidden

 You don't have permission to access /css/ on this server.

but if users visit this url :

www.mysite.com/folder/file.css

Then the css will appear to him ...

I want to know how can i prevent this problem ? And avoid restrict files to users ?

Community
  • 1
  • 1
iman_sh
  • 420
  • 1
  • 8
  • 22
  • Check this link : https://stackoverflow.com/questions/38815179/how-to-prevent-access-to-a-directory-with-htaccess – Peace Feb 22 '19 at 13:29
  • this too : https://stackoverflow.com/questions/19118482/deny-access-to-one-specific-folder-in-htaccess – Peace Feb 22 '19 at 13:32
  • If you can't open css file in your site, how will you include them in your site? I think you can play with HTTP_REFERER. – nice_dev Feb 22 '19 at 13:58
  • 1
    I wonder why beginners are always so much in fear of someone being able to access content they actually published. That is a strange fear. But even if you do _not_ publish those documents in an unrestricted manner, what difference does it make? Do you _really_ think that your css rules are such a huge intellectual property that you need to protect it? That someone else will make a huge profit from getting unauthorized access to it? Come on... – arkascha Feb 23 '19 at 17:30
  • 1
    If you _really_ need to protect those simple css rules, then use a simple routing script for access instead of relying on the mapping of URLs to physical files in your http servers file system. A routing script will give you full control over who is authorized to access what. But that also means you need to invest into implementing such an authorization scheme and logic... – arkascha Feb 23 '19 at 17:32

1 Answers1

0

You need to allow access to some static files like .css, .js, .jpg, etc... to the correct visualization of your web.

If you want to avoid hotlinking you should create an .htaccess with this content:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain2.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://hpmouse.googlepages.com/hotlink.gif [NC,R,L]

Source

Jose Luis Poveda
  • 36
  • 6