Jump to content

protecting a folder


kaliok

Recommended Posts

Hi I am having trouble trying to protect a folder I store some javascript files in, perhaps I am placing the following code (that I have placed in an .htaccess file) in the wrong place or perhaps the code is wrong itself, any help/advice would be most appreciated. The files are used in a mini cms and would like to have it so they are only available to someone using the cms for the particular site and to stop anyone accessing the aforementioned javascript files from a remote url.

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www.)?thesitesname.com/.*$ [NC]

RewriteRule \.(js)$ - [F]

 

 

Link to comment
Share on other sites

Not sure what you mean by "trouble". What exactly is the problem?

 

Also - http://httpd.apache.org/docs/2.0/howto/htaccess.html#when - When not to use .htaccess files

 

Summary...

If HTTP_REFERER is not empty AND

If HTTP_REFERER is not http://thesitename.com or http://www.thesitename.com

If file request is ending in .js then Fail

 

You are blocking access to all *.JS files on your server unless they come from other than the above two URLs?

 

I think you may at least need a "last" L - [F,L]

I also think you may need a NC on your last rule (no case)

See the mod_rewrite cheat sheet http://www.phpfreaks.com/forums/index.php/topic,126435.0.html

 

Link to comment
Share on other sites

Thanks for your quick response. When I say, "trouble", I mean, that the code I had used was not behaving in the way I had hoped it would.

 

I have updated the code as follows:

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www.)?thesitename.com/.*$ [NC]

RewriteRule \.(js)$ - [F,L,NC]

 

However I am still able to access the files from outside the url. I'm afraid I am not too good with Apache and mod_rewrite.  If it makes it any easier how would I make it so the entire folder is only accessible from the one site.

 

Thanks again for any help.

Link to comment
Share on other sites

If you have access to the httpd conf file I'd do it in there. If it is a folder you want to protect as well as specifying the files in the folder you need to add a RewriteCond for the folder and AND these with the others (relevant to use in httpd conf follows...)

 

e.g. /scripts/*.js

 

RewriteCond  ^scripts/ [nc]

 

If instead - you still want to keep .htaccess files you need to be sure that they are being used. You need an Allow Override ... option to enable them. The way to tell would be to specify a specific log file in the .htaccess (win32 example) and see if the rule is actually getting triggered (no content would suggest not).

 

RewriteEngine On
RewriteLogLevel 5
#specify full path when used in .htaccess here since we want a specific log file and MUST know where it is going...
RewriteLog c:/apache/logs/rewrite.log
# remaining code...

 

 

 

Link to comment
Share on other sites

The htaccess files are definitely being used, but I just can't seem to get the right ReWrite code. I don't believe I have access to the httpd conf files though. I would really like to try and get this to work with htaccess files. Any further help would be greatly appreciated.

 

Thanks for your help so far.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.