I have a folder in my webserver called webserver, inside it I have several php files that mount the json that is sent to my app that I am mounting. But I wanted to block this folder to not be accessed by any browser, only by android. Is it possible to do this via htacess ?
Today I set up my htacess to not list any files inside the folder, I did as follows:
Options -Indexes
For android detection, using htaccess try:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "android" [NC]
RewriteRule ^(.*)$ /android/$1 [L,QSA] # redirect aqui
RewriteCond %{HTTP_USER_AGENT} "iphone|ipod|ipad|windows" [NC] # redirecao para os outros
RewriteRule ^(.*)$ http://YOU_SHALL_NOT_PASS/$1 [L,QSA]
But I said I had some php files. I took advantage of this, and put a first file with it, this file would be the first to be read by the server:
$useragent = $_SERVER['HTTP_USER_AGENT'];
$devicesAllowed = array('android' => 'http://www.android.com'); // aqui colocamos os 'aparelhos' admitidos, neste caso é só android com os respetivos url para redireção
foreach($devicesAllowed as $device => $url) {
if(strpos($useragent, $device) !== false) {
header('Location:' .$url);
}
}
header('Location: YOU SHALL NOT PASS'); // redireção para os outros clientes (ios, desktop etc...)
Note that on the client side we can spoof this, there are even plugins / add-ons for browsers to do this. Do not count as being 100% viable