mr_bob

Posts posted by mr_bob

  1. Just now, requinix said:

    If you view a page at https://www.domain.com/page.html and it tries to show an image from https://www.domain.com/image/img.jpeg, what do you think the referrer string will be?

    Also, you cannot rely on the referrer string even being present. You should only block access if there is one.

    I guess we're missing jpeg here, which should be added to the list. Maybe I should declare the /image/ directory? Regular expressions are hammering me.

  2. Hi all,

    Following the advice of one member here, I managed to write the following rules. It's needed to block direct access, but allow files to be read by HTML code like this:

    RewriteEngine On 
    RewriteCond %{HTTP_REFERER} !^(www\.)?domain\.com [NC]
    RewriteCond %{HTTP_REFERER} !^(www\.)?domain\.com.*$ [NC]
    RewriteRule \.(gif|jpg|mp3|ogg|)$ - [F]

    It's needed for www.domain.com and https://domain.com.

    The problem is that page.html doesn't display images and mp3 files after that. [L] at the end allows them to display, but allows direct access too.

    What could be wrong here?
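
The rules in post 2 can be checked against sample requests. The following is an added example, not code from the thread: a Python model of how mod_rewrite evaluates the posted conditions (negated patterns, ANDed) beside an assumed corrected pattern. The names `forbidden`, `compare`, `FIXED`, `FIXED_EXT` and the sample requests are constructed for illustration.

```python
import re

# The two RewriteCond patterns from the post (negated in the config, [NC] = ignore case).
POSTED = [r"^(www\.)?domain\.com", r"^(www\.)?domain\.com.*$"]
# Assumed correction: accept the scheme, and end the host at '/', ':' or end of
# string so that a host such as "domain.com.other.example" does not pass.
FIXED = [r"^https?://(www\.)?domain\.com([/:]|$)"]
# Protected extensions; the posted rule has a trailing "|" and no jpeg.
POSTED_EXT = r"\.(gif|jpg|mp3|ogg|)$"
FIXED_EXT = r"\.(gif|jpe?g|mp3|ogg)$"

CASES = [  # constructed sample requests: (path, Referer header)
    ("image/img.jpg", "https://www.domain.com/page.html"),
    ("image/img.jpg", ""),
    ("image/img.jpeg", "https://other.example/"),
    ("image/img.jpg", "https://domain.com.other.example/x"),
]


def forbidden(path, referer, conds, ext, allow_empty_referer):
    """Model of: RewriteCond %{HTTP_REFERER} !pattern [NC] ... RewriteRule ext - [F].

    Returns True (403) only if the path matches the rule pattern and every
    negated condition holds, i.e. no pattern matches the referer.
    """
    if not re.search(ext, path):
        return False
    if allow_empty_referer and referer == "":
        return False  # models an extra: RewriteCond %{HTTP_REFERER} !^$
    return all(not re.search(p, referer, re.I) for p in conds)


def compare():
    """Return (path, referer, posted_403, fixed_403) for each sample request."""
    return [(p, r, forbidden(p, r, POSTED, POSTED_EXT, False),
             forbidden(p, r, FIXED, FIXED_EXT, True)) for p, r in CASES]


if __name__ == "__main__":
    for path, ref, posted, fixed in compare():
        print(f"{path:15} {ref or '(none)':36} "
              f"posted={'403' if posted else 'ok':4} fixed={'403' if fixed else 'ok'}")
```

The Referer header is supplied by the client, so even the corrected pattern only discourages hotlinking; it does not restrict who can fetch the file.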

  3. 4 hours ago, mac_gyver said:

    that opens the file through the file system, not the web server, so, any links in the html will also be read through the file system. you must use a url to the html file, such as http://localhost/phptest.html. this will cause the src="phptest.php?id=1" attribute to be read through http://localhost/phptest.php?id=1

      

    10 minutes ago, dodgeitorelse3 said:

    A web server typically uses port 80 so what do you get without the :5500 in address?


    edit: I'll check this out when I can return to PC where those files are thanks.

    After uploading to a web server, the image showed indeed. Thanks a lot for pointing this out. The code is working then. Appreciate all the replies!

  4. Hi,

    If I want to use a file in HTML, so that a <div> tag will have a property 'data_url' of that file like

    <div class="something" data_url="actualFile.txt">

    but at the same time block direct access to the file so that nobody can just type the path in a browser and download it, is it possible to block it in the .htaccess config file? That would theoretically make it unusable but I don't know for sure.

    It sounds a bit silly but maybe there's a way to block direct access to the file at least to a moderate degree. Any useful manual regarding this topic to read?

    Maybe it will open in the Live Server extension of VS Code? It's a very handy tool that helps test everything, because uploading to a web server is more complicated. Though I'm getting the same output (no image) when the URL is http://127.0.0.1:5500/phptest.html, with the message in VS Code "Live Reload is not possible without body or head tag.".

    So as you said, it's not a file system now, or it should be uploaded to a web server to make it work.

    Hi, sorry for a noob question, but I'm having a problem with this small piece of code that doesn't work.

    I have a secret image path written in a PHP file, which must be given to an HTML parameter. After this I want to make PHP send a file of MIME type "audio/mpeg3".

    The thing is to hide actual file paths.

    All the code is as simple as it can get, hopefully. I run these files locally with Firefox and they are located in the same folder: phptest.html, phptest.php, car.jpg.

    I have HTML file:

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
    </head>
    <body>
        <p>Image given by .php file:</p>
        <img src="phptest.php?id=1">
    </body>
    </html>

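    It's really simple, just look at the body tag. The whole phptest.php file:

    <?php
    $path='';
    // Map the public id to a server-side path; the real path never reaches the client.
    if (isset($_GET["id"]) && $_GET["id"] === "1"){ //More "if" statements planned
        $path = 'car.jpg';
    }

    // Missing or unknown id: answer 404 instead of calling readfile() on an empty path.
    if ($path === '' || !is_file($path)) {
        http_response_code(404);
        exit();
    }

    header('Content-Type: image/jpeg'); //Don't need too much headers?

    readfile($path);

    exit();

    ?>

    PHP is supposed to read the file with the "id" parameter. But somehow this doesn't work.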
