kaliok Posted February 1, 2008 Share Posted February 1, 2008 Hi I am having trouble trying to protect a folder I store some javascript files in, perhaps I am placing the following code (that I have placed in an .htaccess file) in the wrong place or perhaps the code is wrong itself, any help/advice would be most appreciated. The files are used in a mini cms and would like to have it so they are only available to someone using the cms for the particular site and to stop anyone accessing the aforementioned javascript files from a remote url. RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www.)?thesitesname.com/.*$ [NC] RewriteRule \.(js)$ - [F] Quote Link to comment Share on other sites More sharing options...
madmax Posted February 1, 2008 Share Posted February 1, 2008 Not sure what you mean by "trouble". What exactly is the problem? Also - http://httpd.apache.org/docs/2.0/howto/htaccess.html#when - When not to use .htaccess files Summary... If HTTP_REFERER is not empty AND If HTTP_REFERER is not http://thesitename.com or http://www.thesitename.com If file request is ending in .js then Fail You are blocking access to all *.JS files on your server unless they come from other than the above two URLs? I think you may at least need a "last" L - [F,L] I also think you may need a NC on your last rule (no case) See the mod_rewrite cheat sheet http://www.phpfreaks.com/forums/index.php/topic,126435.0.html Quote Link to comment Share on other sites More sharing options...
kaliok Posted February 1, 2008 Author Share Posted February 1, 2008 Thanks for your quick response. When I say, "trouble", I mean, that the code I had used was not behaving in the way I had hoped it would. I have updated the code as follows: RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www.)?thesitename.com/.*$ [NC] RewriteRule \.(js)$ - [F,L,NC] However I am still able to access the files from outside the url. I'm afraid I am not too good with Apache and mod_rewrite. If it makes it any easier how would I make it so the entire folder is only accessible from the one site. Thanks again for any help. Quote Link to comment Share on other sites More sharing options...
madmax Posted February 1, 2008 Share Posted February 1, 2008 If you have access to the httpd conf file I'd do it in there. If it is a folder you want to protect as well as specifying the files in the folder you need to add a RewriteCond for the folder and AND these with the others (relevant to use in httpd conf follows...) e.g. /scripts/*.js RewriteCond ^scripts/ [nc] If instead - you still want to keep .htaccess files you need to be sure that they are being used. You need an Allow Override ... option to enable them. The way to tell would be to specify a specific log file in the .htaccess (win32 example) and see if the rule is actually getting triggered (no content would suggest not). RewriteEngine On RewriteLogLevel 5 #specify full path when used in .htaccess here since we want a specific log file and MUST know where it is going... RewriteLog c:/apache/logs/rewrite.log # remaining code... Quote Link to comment Share on other sites More sharing options...
kaliok Posted February 2, 2008 Author Share Posted February 2, 2008 The htaccess files are definitely being used, but I just can't seem to get the right ReWrite code. I don't believe I have access to the httpd conf files though. I would really like to try and get this to work with htaccess files. Any further help would be greatly appreciated. Thanks for your help so far. Quote Link to comment Share on other sites More sharing options...
kaliok Posted February 2, 2008 Author Share Posted February 2, 2008 I think I managed to do it. RewriteCond %{HTTP_REFERER} !^http://(www\.)?thesitename.com/.*$ [NC] It appears I was missing a backslash after the www! Blah! Quote Link to comment Share on other sites More sharing options...
madmax Posted February 2, 2008 Share Posted February 2, 2008 Lol - if I had a $ for every time I had done that, I'd have about... well a lot of $$$s A good night's sleep is always a good cure - I ought to have spotted it myself but didnt either Glad it's fixed Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.