How to prevent a file from direct URL Access?

后端 未结 7 2019
后悔当初
后悔当初 2020-11-22 05:26

I\'m using Apache and I have a sample web folder on my Local Host, like:

      http://localhost/test/

Files in th

相关标签:
7条回答
  • 2020-11-22 05:59

    Based on your comments looks like this is what you need:

    RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost/ [NC] 
    RewriteRule \.(jpe?g|gif|bmp|png)$ - [F,NC]
    

    I have tested it on my localhost and it seems to be working fine.

    0 讨论(0)
  • 2020-11-22 06:02

    When I used it on my Webserver, can I only rename local host, like this:

    RewriteEngine on 
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com [NC] 
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com.*$ [NC] 
    RewriteRule \.(gif|jpg)$ - [F]
    
    0 讨论(0)
  • 2020-11-22 06:02

    For me this was the only thing that worked and it worked great:

    RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@])@@https?://\1/.
    RewriteRule .(gif|jpg|jpeg|png|tif|pdf|wav|wmv|wma|avi|mov|mp4|m4v|mp3|zip?)$ - [F]

    found it at: https://simplefilelist.com/how-can-i-prevent-direct-url-access-to-my-files-from-outside-my-website/

    0 讨论(0)
  • 2020-11-22 06:08

    rosipov's rule works great!

    I use it on live sites to display a blank or special message ;) in place of a direct access attempt to files I'd rather to protect a bit from direct view. I think it's more fun than a 403 Forbidden.

    So taking rosipov's rule to redirect any direct request to {gif,jpg,js,txt} files to 'messageforcurious' :

    RewriteEngine on 
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd [NC] 
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd.*$ [NC] 
    RewriteRule \.(gif|jpg|js|txt)$ /messageforcurious [L]
    

    I see it as a polite way to disallow direct acces to, say, a CMS sensible files like xml, javascript... with security in mind: To all these bots scrawling the web nowadays, I wonder what their algo will make from my 'messageforcurious'.

    0 讨论(0)
  • 2020-11-22 06:10
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC] 
    RewriteCond %{REQUEST_URI} !^http://(www\.)?localhost/(.*)\.(gif|jpg|png|jpeg|mp4)$ [NC] 
    RewriteRule . - [F]
    
    0 讨论(0)
  • 2020-11-22 06:11

    First of all, find where the main apache’s config file httpd.conf is located. If you use Debian, it should be here: /etc/apache/httpd.conf. Using some file editor like Vim or Nano open this file and find the line that looks as follows:

    Options Includes Indexes FollowSymLinks MultiViews
    

    then remove word Indexes and save the file. The line should look like this one:

    Options Includes FollowSymLinks MultiViews
    

    After it is done, restart apache (e.g. /etc/init.d/apache restart in Debian). That’s it!

    0 讨论(0)
提交回复
热议问题