Allow Disallow with htaccess help

[dvdriot]

I'm not sure if this is possible or not, but here's what I've been trying to do without any luck:

I have a video folder on my main domain such as:
www . mydomain . com / video / index . php or index . html

I don't want anyone to access this file directly or by any outside link only from www . mydomain . com

So for instance if I had a link www . mydomain . com / video . php or video . html, etc that when a user clicks on this link it will take them to www . mydomain . com / video / index .php and they would be allowed access.

If they were coming from another site, or directly they would not be allowed access.

I've messed with the .htaccess file in the www . mydomain . com / video folder with no luck, I'm generally blocking all.

order deny,allow
deny from all
allow from mydomain.com

But this seems to block me also. I've tried itchy . cirtexhosting . com, and itchy's actual ip, but it still blocks me too. I did enter my real ip of my home computer and I was allowed.

I don't need to password protect it, because my site requires users to login, but since I setup the external video folder it's not part of my website script.

So anyone know how I can allow access from mydomain.com but not anywhere else?

I haven't messed with the hotlink protection yet, I occassionally put something on ebay and use my website for linking the pictures to my ebay auction.

Any ideas or suggestions would be appreciated.

Thanks.
dvdriot

[Josh]

Hi dvd, I've just been googling (gees this stuff goes indepth lol) - I think the problem is first you said deny everyone (order deny, allow) but then you said let someone in (after you said block them) ..

Quote:

Originally Posted by dvdriot

order deny,allow
deny from all
allow from mydomain.com

Try change that to:

Code:

Order Allow,Deny
Allow from mydomain.com
Deny from all

If that doesn't work you could try this:

Code:

    <Files *>
    Order Allow, Deny
    Deny from all
    Allow from .yourdomain.com
  </Files>

I think that is the same, it blocks all files by using the * sign.

Fingers crossed

[dvdriot]

After doing a little more reading and messing with htaccess, it sounds like what I am trying to do is not possible with htaccess. I can web protect it an require a user to gain access to the file or directory.

Using htaccess is relatively new to me, I've used it before but for more simple web protect related tasks.

I know you can use it to blocks hosts and bots, use it to rewrite your pages like long php file descriptions to more user friendly looking like www . mydomain . com / index . php ? = some long web page to www . mydomain . com / jimspage stuff like that.

I'll see if I can find an alternative or comprimise. But thanks for the input.
dvdriot

[luis.sg]

Have you tried denying access using the control panel? There has to be something. Normally, you can configure Apache to accept or reject connections, and the interface between you and Apache is your control panel.

The last option could be writing PHP code that would examine the referrer, and do something accordingly.

If you need help with this I could send you an example.

Cheers!

[Josh]

Although I think you can send 'fake' headers so it's not very reliable, but if they can access it straight from your site I don't think they would waste their time

[dougp]

You can block "specific" files if you want, or block all. Also, you will be able to add "allowed" sites to the list easily so if you want to allow a site such as this website, you can easily add them. Anyhow, here are some examples. Create a new .htaccess file and add one of the following examples. Be sure to upload it to the folder where the files your protecting are located.
(make sure there is one empty line at the end of the .htaccess file.)

Below blocks the specified file extensions from being linked from another site other than yourdomain.com or www.yourdomain.com

Quote:

RewriteEngine On
Options -Indexes
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|bmp|avi|mpg)$ - [F,NC,L]

Below blocks all files from being linked from another site other than yourdomain.com or www.yourdomain.com

Quote:

RewriteEngine On
Options -Indexes
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteRule .*\.*$ - [F,NC,L]

Below blocks the specified file extensions from being linked from another site other than yourdomain.com or www.yourdomain.com and instead replaces the file being linked with an image of choice (create your own leecher.gif for example)

Quote:

RewriteEngine On
Options -Indexes
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/ [NC]
RewriteCond %{REQUEST_URI} !^/path/to/leecher.gif [NC]
RewriteRule \.(gif|jpg|bmp|avi|mpg)$ http://yourdomain.com/path/to/leecher.gif [R,NC,L]

Below blocks all files from being linked from another site other than yourdomain.com or www.yourdomain.com and instead replaces the file being linked with an image of choice (create your own leecher.gif for example)

Quote:

RewriteEngine On
Options -Indexes
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/ [NC]
RewriteCond %{REQUEST_URI} !^/path/to/leecher.gif [NC]
RewriteRule \.*$ http://yourdomain.com/path/to/leecher.gif [R,NC,L]

If you want to add a site that is allowed to leech (such as adding cirtexhosting.com) just add in the new lines below the last allowed domain.

below are example lines to add allowing cirtexhosting.com and subdomain forums.cirtexhosting.com to the allowed linking offsite.

Quote:

Without replacing with an image.

RewriteCond %{HTTP_REFERER} !^http://cirtexhosting.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.cirtexhosting.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://forums.cirtexhosting.com/.*$ [NC]

For replacing with an image

RewriteCond %{HTTP_REFERER} !^http://cirtexhosting.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.cirtexhosting.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://forums.cirtexhosting.com/ [NC]

(the above will stop direct linking off of your own site, so any file accessed will have to have been clicked from your site.)

If you need help with the other, just message me and can try to help best I can.

// Regards,
Doug

[dvdriot]

Thanks for all the info. I'll see if I can spend some time messing with it over the weekend sometime.

[dougp]

np, that works for offsite links (ones people post directly to a file on your site from another site).

But it wont stop someone from copy/pasting in the URL to get the file. (copy > paste to new browser window) However, it will help alot with leeching and excess bandwidth usage.

If you really want to block access you can password protect the directory containing the files. I can help with that as well. Can have a single username/pass or even each member can have their own. That wont stop them from sharing the username/pass though. But if you keep track of http referers you can usually hunt down where something came from or see if something has been posted somewhere it shouldn't be

Other than that, you can use scripts, ect.. to make things harder, but there are always ways around any method.

Oh and I updated the above example, to simplify things a bit, you probably notice if you saw the file extensions I had listed before (ex. avi|AVI)

I removed the CAPS version and left the lowercase, adding NC to the htaccess flags.

Quick rundown of each flag used.
F = Forbidden (send to clients browser that the page/file is 403 forbidden)
NC = No Case (not case sensative, so we can use just avi and will work for AVI, avi, AvI, ect..)
R = Redirect, normally used when replacing one file with another in the examples such as replacing the leeched file with leecher.gif. (redirect file extensions matching those listed with leecher.gif)
L = Last rule for that set to process, most always will be the last line in that ruleset.