问题
I'm trying to use mod.rewrite to deny direct access to files on my web server, e.g. http://domain.tld/reports/imareport.pdf or http://domain.tld/img/img1.png, and I've used the answer on this question:
(htaccess) How to prevent a file from DIRECT URL ACCESS?
That page suggests using mod.rewrite like this:
RewriteEngine on
RewriteRule \.(png|pdf|htm)$ - [F]
Using mod.rewrite in this manner works fine for denying access to PDFs, but other files that are ordinarily included in a page such as images and css are not only blocked from direct access, but also blocked when used on a webpage in a normal <img> tag or whatever. This is contrary to the question and answer mentioned above.
So... my question is... is there a way to block direct access to files but still allow them in webpages?
回答1:
Thanks Mark Phillips, I didn't fully appreciate what these two rewrite conditions were doing for me:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
So I had managed to mess them up. Things worked as needed when I used the code just as it was.
来源:https://stackoverflow.com/questions/40158651/how-to-prevent-direct-access-to-files-but-allow-files-in-webpages