Restrict access by htaccess

1

I have a dedicated server separate from my site hosting. Some content, like images, videos, texts, etc., will be pulled from that dedicated server. The problem is that I would like to restrict direct access to these files by URL and make them accessible only if the request comes directly from the site. I already tried to use Allow from IP, but the IP that arrives is the user's IP and not my site's, which could be a problem in the future... I've tried using HTTP REFERER, however it did not work. Can anyone tell me what I can do to limit and display this content only within the site?

    
asked by anonymous 30.10.2016 / 15:51

1 answer

3

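Answering the question: first of all, blocking requests from outside via .htaccess looks something like this:

# Enable mod_rewrite for this directory
RewriteEngine on
RewriteBase /
# Match when the Referer does not start with either of the site's own URLs
# (consecutive RewriteCond lines are ANDed; an empty Referer also matches)
RewriteCond %{HTTP_REFERER} !^http://www\.seusite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://seusite\.com/ [NC]
# Answer every such request with 403 Forbidden
RewriteRule ^.*$ - [F]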

But this only makes things difficult for the curious, because anything that the browser accesses without restriction can be accessed directly by an external request. HTTP headers are easily simulated.

To protect against automated access, a captcha would help, but this is infeasible for normal resources such as images, JS, CSS, audio, etc. that would normally be used by the site. In addition, nothing would prevent the user from solving the captcha in an application outside the site.

A reasonable block with no side effects is practically impossible in the context presented in the question.

The benefit of the REFERER block is in the case of hotlinking: it at least prevents your resources from being linked from third-party sites (because in this case the third party has no control over the user, who will be the one making the request). You cannot prevent this third party from accessing your data and taking a copy, but they cannot make ordinary users (of their site) bypass your protection in a simple way and access your files directly. At least it discourages the undue consumption of your server's bandwidth, because in this case the third party is obliged to at least act as an intermediary for the content.

I can neither confirm nor deny that I have already done this :P, but by checking REFERER directly in your application, you could well serve an extremely inappropriate image if it is linked from a third-party site, but the correct one if the person accesses your site or if the REFERER is empty (it is important to consider that it is only a hotlink if it is filled in, with the wrong website). I do not recommend it, because the image can end up in the person's cache, and the wrong thing appears if the same person accesses your site in the future, giving a disastrous result. But it's always good to know that it's possible ;)

    
30.10.2016 / 16:41
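The distinction the answer draws between an empty Referer and one filled in with the wrong site, as an added example in Python (not part of the original answer): it compares the parsed host instead of a URL prefix and supports both the strict policy of the .htaccess rules and the hotlink-only policy. The function names, the choice of Python and the acceptance of https are assumptions; the host names are taken from the rules above.

```python
from urllib.parse import urlsplit

# Hosts taken from the .htaccess rules in the answer.
ALLOWED_HOSTS = {"seusite.com", "www.seusite.com"}


def referer_kind(referer):
    """Classify a raw Referer header value as 'empty', 'own' or 'foreign'."""
    if referer is None or not referer.strip():
        return "empty"
    try:
        parts = urlsplit(referer.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:  # malformed value, e.g. a broken IPv6 literal
        return "foreign"
    if parts.scheme not in ("http", "https"):  # assumption: https also counts
        return "foreign"
    # Exact host match: look-alikes such as seusite.com.example.net or
    # seusite.com@example.net are third-party hosts.
    return "own" if host in ALLOWED_HOSTS else "foreign"


def should_serve(referer, allow_empty):
    """allow_empty=False mirrors the .htaccess rules (empty Referer is denied);
    allow_empty=True is the hotlink-only policy (only a wrong site is denied).

    The Referer is supplied by the client, so True here means "not a
    hotlink from another site", not "the request is authenticated".
    """
    kind = referer_kind(referer)
    if kind == "empty":
        return allow_empty
    return kind == "own"


# Constructed sample header values, for illustration only.
SAMPLES = [
    "http://www.seusite.com/galeria",
    "https://SeuSite.com:8443/",
    "",
    "http://seusite.com.example.net/",
    "http://seusite.com@example.net/",
    "http://example.net/?from=http://seusite.com/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), referer_kind(value),
              should_serve(value, allow_empty=False),
              should_serve(value, allow_empty=True))
```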