How to deny direct access to a folder using htacce

2019-09-11 06:29发布

站内问答 / 前沿技术
1930 4 4

My website is all about images. So I want to find a way to prevent direct access to images folder using (I guess) .htaccess. From what I've read one way is to move the images folder out of the web-root and then add an .htaccess file with the following code: 

deny from all

So here are my questions:

  • Will I have any problems if I don't move the folder outside the web-root? Because I will have to make a lot of changes to the code in all pages. What's the logic behind moving the images folder outside the web-root?

  • Is there any other safe way to do this? I am worrying that If add .htaccess that will deny access to all images then I won't be able to share my pages and use the images in them.

UPDATE:

What about if I use the following code that will prevent hotlinking of my images but will allow it to specific websites. 

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yordomain2.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yordomain3.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://page-to-redirect [NC,R,L]

4条回答
做个烂人
2楼-- · 2019-09-11 06:38

You can add to .htaccess

Options -Indexes

to prevent reviewing of images folder content.

Another way you can put index file to the images folder.

If you publish some images on the pages it's impossible to restrict download of them.

查看更多
0人赞 添加讨论(0) 举报
趁早两清
3楼-- · 2019-09-11 06:43

I use that for the same problem:

Options -Indexes
RewriteEngine On
# Only from this website
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com [NC]
RewriteRule \.(jpe?g|gif|png|bmp)$ - [NC,F]

# To prevent access to crawlers
RewriteCond %{HTTP_USER_AGENT} (?:google|tineye) [NC] 
RewriteRule \.(jpe?g|gif|bmp|png)$ - [NC,F]

It does not really blocks access to images, but access from other websites pages.

查看更多
0人赞 添加讨论(0) 举报
我只想做你的唯一
4楼-- · 2019-09-11 07:02

If you move your images folder outside your web root, you don't need that .htaccess. Directories outside your web root can't be accessed from outside.

So you can do both, but not together. Anyways your images can not be used on your site as long they are not accessible. To show an image on your site it has to be 'loadable'.

Hope that helps.

查看更多
0人赞 添加讨论(0) 举报
放荡不羁爱自由
5楼-- · 2019-09-11 07:02

1) Redirect all requests to the image folder to the index.php script using .htaccess:

# Turn rewriting on
Options +FollowSymLinks
RewriteEngine On
# Redirect requests to index.php
RewriteCond %{REQUEST_URI} !=/index.php
RewriteCond %{REQUEST_URI} !.*\.png$ [NC]
RewriteCond %{REQUEST_URI} !.*\.jpg$ [NC]
RewriteCond %{REQUEST_URI} !.*\.gif$ [NC]
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

2) In your index.php do some logic to determine if the image should be served.

// Do some checking...
$safe = true; // determine if the image should be served
if($safe){
    header("content-type: image/png"); // or gif or jpg
    readfile($_GET['q']);
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)