I'm trying to restrict access to MP3's to users only (i'm using wordpress)
I have my .htaccess set up to redirect back to the homepage unless you click it - to prevent people just typing in the url.
But when a registered user does click it the MP3 doesn't stream (in safari) and when you try to 'download linked file' you get a html file not the mp3.
So basically at the moment no one can download them.
Here's my htaccess code
IndexIgnore *
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wizzfx\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(mp3) [NC]
RewriteRule .*\.(mp3)$ http://www.wizzfx.com/ [NC]
I'll also probably want to include other files than just mp3s at some point too.
The trouble is your technique, as you say, is quite restrictive, yet it's not really that secure (it's easy to spoof the referer header).
A better solution, but again not entirely secure, would be to simply use obscure file naming (making it hard to merely 'guess' the URL), but not setting limits on where and how a user can listen to the file.
If you want absolute security, a plugin that allowed you to upload media, within your WordPress admin, to a directory outside the web root.
Users would then log in to view the uploaded media, but would have to download and save the files in order to use them.
The downloading process would be made using a simple PHP file downloader script, in order to present files outside the web root.
Related
I have a vpn server so i have access anything, if i need httpd.conf etc.
Already using the code below in .htaccess on wordpress root folder:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainhere\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainhere\.com.*$ [NC]
RewriteRule \.(gif|jpg|js|txt|mp4)$ /maalesef [L]
Created another .htaccess in videos folder containing;
order deny,allow
deny from all
Created another one in videos/english subfolder with same.
I need to protect that folder with many sub folders and mp4 files in them. Basically will be a paid video course. Users can stream it via player but can't download it. I don't want to pay Vimeo Pro or Amazon S3 since it's a budget project, maybe in future why not.
I'm also open if there's a way to protect them via converting mp4 into HLS with FFMPEG or a software called pavtube video converter ultimate.
Bonus: http://beezcode.com/hls how do they do it? Can't download with a plugin on chrome and can download the playlist m3u8 but cant open with any media player on windows.
Created another .htaccess in videos folder containing;
order deny,allow
deny from all
Created another one in videos/english subfolder with same.
There is no need to duplicate these .htaccess files in subdirectories if you just want to protect everything. The .htaccess file applies to the current directory and the entire directory tree below it.
Note that these are Apache 2.2 directives. If you are on Apache 2.4 then you should use the following instead:
Require all denied
If you only want to protect certain file types based on file extension, then use a <FilesMatch> container. For example:
<FilesMatch "\.(gif|jpg|js|txt|mp4)$">
Require all denied
</FilesMatch>
However, if these files should only ever be accessed by your application, then consider storing them outside of the document root instead. The files are then protected automatically against direct/HTTP access - nothing more to do. This is the safer option as it is not dependent on any userland code (ie. .htaccess) nor vulnerable to server misconfiguration.
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainhere\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domainhere\.com.*$ [NC]
RewriteRule \.(gif|jpg|js|txt|mp4)$ /maalesef [L]
This is simply "hot-link" protection. Which is unreliable and easy to circumvent. In any case, if you have the above code that blocks all HTTP access then these directives are less relevant.
I'm developing with a small web-based project with WordPress which contains a lot of PDF files. What I'm looking for is to close the direct access to PDF files, like in https://sciami.com/scm-content/uploads/2018/06/myfile.pdf and redirect the request to the attachment page in https://sciami.com/myfile.
To do this, I wrote a code in .htaccess as below:
RewriteCond %{REQUEST_URI} \.pdf$ [NC]
RewriteRule ^scm-content/uploads/([0-9]+)/([0-9]+)/(.+)\.pdf$ /$3 [R=301,L]
In this way all PDFs are redirected to related attachment page (and it works!). Inside the attachment page, there is a PDF viewer that shows related PDF file. But because of the rule written in the .htaccess, the PDF viewer doesn't show anything because the https://sciami.com/scm-content/uploads/2018/06/myfile.pdf URL necessary for show PDF is rewritten.
My question is how to close the direct access to PDFs, while allowing them to be loaded within the viewer?
The condition
RewriteCond %{HTTP_REFERER} !^https://(www.)?sciami.com/ [NC]
allows operation within the site, but prevents redirect from within the site.
Every help is welcome.
I want to redirect all requests to index.php and any %{REQUEST_URI} portion should be passed as an argument to index.php. Also, even if the %{REQUEST_URI} portion points to an existing file/directory, I still want to do the redirect. For example, there is a directory called js in my document root. When I access my site like http://www.example.com/js, then I still want to redirect to http://www.example.com/index.php?uri=js instead of displaying the content of the directory in a browser.
So, I added the following two lines in my .htaccess file.
RewriteEngine On
RewriteRule .* index.php?uri=%{REQUEST_URI} [QSA]
But this does not work.
First, when I specify a path to an existing file, e.g. http://www.example.com/foo.css, it still displays a content of the file in a browser. (What I want is http://www.example.com/index.php?uri=foo.css) Second, when accessing a directory, e.g. http://www.example.com/js, then the redirect happens, but css fails to take effect and my site looks corrupted.
The good news is it works fine if I specify an arbitrary string that does not point to any files/directories in the root. I spent hours trying to debug this, but I have no clue. How would I solve my problems?
FYI, I'm using Apache 2.4.3.
Maybe this following code :
RewriteEngine On
RewriteRule ^index.php?uri=(.*)$ $1 [L]
I don't know if it's that you want.
I am hosting two different websites using one hosting package.
My initial website is self-built and runs from the public_html directory of my host let's call this 'http://www.website1.co.uk'
I also have a Word Press blog running in a folder under the public_html - so '/folder_2', let's call this 'http://www.website2.co.uk' - this URL currently points to '/folder_2' and will load the blog when entered in to a browser.
At the moment the blog is also accessible by entering 'http://www.website1.co.uk/folder_2/'.
I would like to be able to limit access to 'folder_2' to just 'website2.co.uk' - preventing somebody typing in the 'website1.co.uk/folder_2' path and being able to view the blog.
What's the best way to achieve this, bearing in mind the folder in question is running a Word Press blog.
Try adding this in your .htaccess file in folder_2
RewriteEngine On
RewriteCond %{http_host} !website2.co.uk
RewriteRule .* http://website2.co.uk
that would redirect anyone who goes to website1.co.uk/folder_2 to website2.co.uk, but if you just want them hit a 404 put this in .htaccess instead
RewriteEngine On
RewriteCond %{http_host} !website2.co.uk
RewriteRule .* - [R=404,L]
1# move folder_2 out of public_html(you really should do that).
2# rewrite all request of 'http://www.website1.co.uk/folder_2/' to 404 in htaccess
Check below link:
Redirection Subfolder Htaccess
I'm having trouble setting up a directory with php files on a wordpress site.
I understand how to use templates to include a custom php file, but what I'm trying to do is access a php file as if wordpress was not installed. Right now when I create a new directory(dir1) and put an index.php file in that folder, then try to view by going to www.test.com/dir1 it shows a bulleted list with links to header, background, and updates with a text input for searching the website at the bottom.
I'm not sure if this is something that needs to be configure in my cPanel or if its a wordpress setting, or even if its an htaccess issue.
Please help me figure out what I need to do, or even at the very least, help me put into words what I'm trying to do. Thanks!
Usually Wordpress installed in the root has no impact at all on whatever is put into non-wp directories. Can you paste your .htaccess file from the root folder? And does your /dir1/ have any .htaccess?
Wordpress has nothing do to with existing folders/files. Here are some steps you may try.
Make sure your /dir1 doesn't have .htaccess or if in case you have and you need it to have it there, continue doing next steps.
Add some inclusions in rewrite engine of your .htaccess file. You may add something like this:
RewriteCond %{REQUEST_FILENAME} !-d and/or RewriteCond %{REQUEST_FILENAME} !-d
or
RewriteCond %{HTTP_HOST} !dir1
I hope this helps.
Bah, I've figured it out.
anytime I would FTP files onto my server, it would make the owner/group "root"
After I used WinSCP to change my users to match each website, it worked perfectly.
cPanel is a pain.