htaccess file protection


    htaccess file protection

    here's a code I use to protect my gallery files from being accessed outside the site

    also the directory listing will not show these file types

    .htaccess
    PHP Code:
    <FilesMatch "\.(jpe?g|png|gif|bmp)$">
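    # deny every request for the image types matched above
    Order Deny,Allow
    Deny from all
    # send /404.php as the body of the 403 response
    ErrorDocument 403 /404.php
    </FilesMatch>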
    this file makes it look like the files don't exist but it's just a 403 forbidden error
    404.php
    PHP Code:
    <?php
    // escape the requested URI so markup in the URL is not rendered by the browser
    $uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
    echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL $uri was not found on this server.</p>
    <p>Additionally, a 404 Not Found
    error was encountered while trying to use an ErrorDocument to handle the request.</p>
    <hr>
    {$_SERVER['SERVER_SIGNATURE']}</body></html>";
    ?>

    #2
    Can you explain a bit more? I couldn't understand easily. But I am interested in it. @ ori


      #3
      Lol, what's there to explain? Helps against direct access/hotlinking.



        #4
        Originally posted by anderson
        Can you explain a bit more? I couldn't understand easily. But I am interested in it. @ ori
        ok instead of just blocking access to folders this code shows the folder contents but hides the file types put in it and if they're smart enough to guess the filenames it'll come up as 404 not found error instead of 403 forbidden



          #5
          Originally posted by ori
          ok instead of just blocking access to folders this code shows the folder contents but hides the file types put in it and if they're smart enough to guess the filenames it'll come up as 404 not found error instead of 403 forbidden
          I can't understand this:

          Code:
          <FilesMatch "\.(jpe?g|png|gif|bmp)$">
          If my image file directory is ../images/abcd.gif then what should I put in it?
          Last edited by anderson; 20.08.09, 08:24. Reason: sentence


            #6
            just put the code in a .htaccess file in your images folder



              #7
              Yes. I understand now. Thanks. I am opening a thread about the isipban() function; hope you will all visit there.


                #8
                Some more tips...

                Code:
                # secure htaccess file
                <Files .htaccess>
                 order allow,deny
                 deny from all
                </Files>
                Code:
                # disable directory browsing
                # (Apache 2.4 rejects an Options line that mixes bare and +/- keywords)
                Options -Indexes
                Code:
                # pass the default character set
                AddDefaultCharset utf-8
                Code:
                # disable the server signature
                ServerSignature Off
                Code:
                # set the server timezone
                SetEnv TZ Europe/Belgrade
                Code:
                # cache images and flash content for one month
                <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
                Header set Cache-Control "max-age=2592000"
                </FilesMatch>
                Code:
                # block TRACE, TRACK, OPTIONS and HEAD requests
                # (FollowSymLinks must stay enabled for RewriteRule to work in .htaccess)
                Options -ExecCGI -Indexes
                RewriteEngine on
                RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)
                RewriteRule .* - [F]
                Code:
                # prevent viewing of a specific file
                <files secretfile.jpg>
                 order allow,deny
                 deny from all
                </files>
                Code:
                # serve alternate default index page
                DirectoryIndex business.html
                Code:
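                # limit access to local area network
                # (<Limit> restricts only the methods it lists; other methods are not covered)
                # (192.168.0.0/16 is the whole private block; narrow it to your LAN's prefix)
                <Limit GET POST PUT>
                 order deny,allow
                 deny from all
                 allow from 192.168.0.0/16
                </Limit>
                Code:
                # block IP range by CIDR number
                <Limit GET POST PUT>
                 order allow,deny
                 allow from all
                 deny from 10.1.0.0/16
                 deny from 80.0.0.0/8
                </Limit>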
                Code:
                # password-protect single file
                <Files secure.php>
                AuthType Basic
                AuthName "Prompt"
                AuthUserFile /home/path/.htpasswd
                Require valid-user
                </Files>
                Code:
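                # password-protect multiple files
                # (as written, the pattern matches only extensionless names built from these
                #  words; add the extension to the pattern to cover a file such as index.php)
                <FilesMatch "^(execute|index|secure|insanity|biscuit)*$">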
                AuthType basic
                AuthName "Development"
                AuthUserFile /home/path/.htpasswd
                Require valid-user
                </FilesMatch>
                .....
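A small linter for mistakes that are easy to make in .htaccess snippets like the ones in this thread: invalid CIDR values in allow/deny lines, an Options line mixing bare and +/- keywords, access rules wrapped in `<Limit>`, and a RewriteCond fused onto the same line as its RewriteRule. This is an added example, not code from any poster; the function name `lint_htaccess` and the sample input are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample with deliberate mistakes (not a real site's config).
SAMPLE = """\
Options All -Indexes
<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 192.168.0.0/33
</Limit>
deny from 10.1.0.0/16
deny from 80.0.0/8
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]
"""

ACL = re.compile(r"^(allow|deny)\s+from\s+(.+)$", re.I)

def lint_htaccess(text):
    """Return (line_number, message) pairs for the mistakes described above."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        acl = ACL.match(line)
        if acl:
            # Only CIDR/netmask tokens are validated; "all", hostnames and
            # partial addresses such as "10.1" are left alone.
            for token in acl.group(2).split():
                if "/" in token:
                    try:
                        ipaddress.ip_network(token, strict=False)
                    except ValueError:
                        findings.append((num, f"invalid network: {token}"))
        elif line.lower().startswith("options"):
            opts = line.split()[1:]
            signed = [o[0] in "+-" for o in opts]
            if any(signed) and not all(signed):
                findings.append((num, "Options mixes +/- and bare keywords"))
        elif line.lower().startswith("<limit "):
            findings.append((num, "<Limit> leaves unlisted methods unrestricted"))
        elif "RewriteCond" in line and "RewriteRule" in line:
            findings.append((num, "RewriteCond and RewriteRule share a line"))
    return findings

if __name__ == "__main__":
    for num, message in lint_htaccess(SAMPLE):
        print(f"line {num}: {message}")
```

The checks cover only these four patterns; running `apachectl configtest` or requesting a test URL after each change remains the way to confirm the server accepts the file.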