-2

Please I need help guys.

Is it possible to check if a file is requested by a page or if it is being viewed directly through it's URL?

Let's say we have a JavaScript file named file.js and I have a page named page.html and on the page, we linked to the JS file to use it for some functions.

This what I have tried:

RedirectMatch 301 ^/.*$ https://example.com

With the above code, the file.js redirects to https://example.com when it is viewed through its URL. This is one thing I actually want. But when the file is requested by the page.html, it doesn't show up. It seems to have been redirected as well. I want it to be served when it is requested by the page.

How can I through the HTACCESS check if file.js is requested by page.html to allow its usage but redirect it if it is requested directly with its URL?

ALSO: Maybe this can be done by checking the URL through which the file is being requested from wether it matches the file url or not. I don't know by the way...

I need your help.

Thank you!

Edit:::

I want to know if I can set it up so that even after it is seen through a page, it still cannot be viewed directly through its URL. And if what I'm requesting is possible by the way.

BarryOvb
  • 13
  • 4
  • What's the problem that you're trying to solve with this? This sounds like a lot of effort for no measurable effect. Even if the file is requested because it's required by the page (and http does not work that way), it can still be easily inspected by a browser's development tools (assuming that's what you want to avoid) – Olaf Kock Apr 13 '23 at 18:12
  • @OlafKock Oh, thanks for your comment. I pointed to a js file from a page. I thought the only way to see the content of the js file is to view it via its link or opening the file directly if one has access to the folder it's located? Am I wrong? It's very easy to redirect a file when one tries to view it via its URL. What I want additionally is for any page in my website to link to the js file without being redirected and should only redirect when it is viewed via its URL. If that's possible by the way... – BarryOvb Apr 13 '23 at 20:46
  • 1
    Does this answer your question? [How to prevent a file from direct URL Access?](https://stackoverflow.com/questions/10236717/how-to-prevent-a-file-from-direct-url-access) – CBroe Apr 14 '23 at 06:05
  • Thank you for sharing @CBroe. It doesn't completely answer my question because when the image (or whatever file) is viewed on a page or post, it can then be viewed directly through its URL as a result of the browser cache. I already had that one set up in my htaccess to stop hotlinking. I want to know if I can set it up so that even after it is seen through a page, it still cannot be viewed directly through its URL. And if what I'm requesting is possible by the way. – BarryOvb Apr 15 '23 at 21:02

1 Answers1

0

Although it appears different, it's not. A page that includes the js file will effectively "directly access" it in order to load it. Any differences that there are can easily be faked by anyone wanting to grab the file (such as the referrer header used on the link in the comments).

If the file is available, it's available. It can't be stopped from being accessible while still being accessible. A page loading it works no differently from loading the URL directly.

What you may want to look in to is obfuscation so that the file is not as usable as it is in the source format. Basically making the JS unreadable for humans although to a point it can still be reversed.

Another option, if you're wanting to hide delicate or private JS code, and the best if you can use it, is to run the JS on the server if possible. Then folks can only get the results of what it produces rather than the code itself.

Anyway I'm guessing what your issue is. Perhaps lay out what problem you're trying to solve (in a new question), as suggested in the comments, and then perhaps folks might have other helpful suggestions.

  • Thank you so much for your contribution. I'm already using the obfuscation method. How can I run the JS on the server? – BarryOvb Apr 17 '23 at 22:24
  • Well it depends if it's JS that *can* be run on the server. It depends what it does. If it can you would run it using Node.js. If you'd like to accept me answer it would be appreciated :) –  Apr 17 '23 at 22:28
  • Oh, awesome. Please can you point me to a resource where I can learn more about running it from a server? Also, I don't kow why I have -2 on my question. Did I ask an annoying question? – BarryOvb Apr 17 '23 at 22:33
  • Folks do that when the question is not well asked or is asking too much without having done research. Stuff like that. I already did point you - Node.js. There’s a website all about it nodejs.org or look for articles but it depends what it does, you may not be able to run it on the server. There’s a tick mark next to my answer if you want to accept it which would give me some points for the assistance. –  Apr 17 '23 at 23:11