Tutorial
Block and Prevent direct access to files, folders, and directories with .htaccess.

If someone tries to access a folder or directory by manually typing its address into a web browser, they will be forwarded or redirected to another location you specify.

This could be considered simple content protection, but it can also be considered a security feature when there are certain types of files involved. If you want to prevent the entire world from seeing your ray widget licenses then this will do it.

This may or may not be handy for you Dolphin users, depending on your site. If you require that a visitor must sign up before accessing or viewing other members' images and other files, then this might be something of interest.

This also works great with many other types of scripts you might have installed besides Dolphin. So it's not limited to any type of script in particular.

The only place this will not work is the actual ray folders/directories that contain your uploaded files, such as yoursite.com/ray/modules/movie/files/1.flv. For some reason this does work in Internet Explorer but it will not work in Firefox. I haven't figured out a solution yet, but will continue working on this for the ray file directories.

It will work in the /ray/modules/movie/xml/ directory/folder, which means you can use this to prevent users from viewing your licenses for the various ray widgets, and it will prevent people from finding your rms server info in the global folder.

You may have index browsing disabled or turned off, meaning that if there is no index.html/index.php someone can't see what is in a folder/directory. But if they know the script, and many do, they can still browse and look at certain files if they know the exact location.

You can try it yourself by entering something in your web browser such as:
yoursite.com/ray/modules/movie/xml/main.xml
Now you can see your license for the ray movie widget.
Try yoursite.com/ray/modules/global/xml/config.xml
And you can see your rms settings.

Even if you require members to join your site before they can view audio/video etc., all somebody has to do is type yoursite.com/ray/modules/movie/files/1.flv and keep on going with 2.flv, 3.flv, or .mpg

Same with the audio and mp3 folders.

For gallery photos, just type yoursite.com/media/images/sharingImages/1.jpg, 2.jpg, 3.jpg, etc.

Now if your hosting is set to allow index browsing you don't even need to know this. A simple test to see if you do or not is to type something like:
yoursite.com/media/images/sharingImages/
This is the location that Gallery Photo uploads will go to. If you have gallery photos uploaded and you can see a bunch of files then your account is set to allow index browsing. Consider turning index browsing off to prevent this.

So what we can do is this: if someone knows the exact location of a file, we can redirect them back to our homepage, for example. This means that if someone typed yoursite.com/media/images/sharingImages/1.jpg they won't even be able to see it; they will be redirected to your homepage or anywhere else you specify.

The only way they are allowed to access the file is through your site, by clicking on the various links that take them to the particular file.

Now obviously this isn't going to be what everyone wants. Some sites want others to be able to access a picture or other file directly.

However if you are one of those people that don't want others to access these files the code is very simple. We just make a new .htaccess file and put it in the sharingImages folder/directory for example, like yoursite.com/media/images/sharingImages/.htaccess

The Code to add:
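#<--Below this line-->
AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

# Redirect unless the Referer is one of your own pages. Dots are escaped and
# each entry ends with (/|$) so that a look-alike host such as
# www.yoursite.com.example.net does not pass the check.
RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http://subdomain\.yoursite\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite\.com/subfolder(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com/subfolder(/|$) [NC]

# Any request whose Referer matched none of the lines above goes to the homepage.
RewriteRule .* http://www.yoursite.com/index.php [R,L]
#<--To above this line-->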

Or download this zip file with a .htaccess in the right format from Download Here.

In the RewriteCond lines you need to replace yoursite.com with your actual site. Be sure to add more lines if you have more sub domains or subfolders you want to be allowed to access.

The RewriteRule line is the location you want them to be redirected to if they try to directly access a particular file. You can change this to anything you want.

Upload it to the sharingImages folder. Open up a new browser window or tab and now type the location: yoursite.com/media/images/sharingImages/1.jpg

If you have successfully added this then you should be redirected to your homepage or whatever you happened to change it to above.

Now log in as a member of yoursite and access the same photo by means of the photo gallery links. You should be able to access it through your website if you correctly changed yoursite.com to your actual site above.
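The two checks above can be rehearsed offline before uploading anything. This added example (not part of the original tutorial) models how a chain of negated RewriteCond lines decides whether the redirect fires, and compares unanchored patterns ending in .* with patterns that escape the dots and end the host with (/|$); the Referer values and the gallery.php page name are constructed samples.

```python
import re

# Unanchored checks: "." matches any character and the trailing ".*" lets
# anything follow the host name.
LOOSE = [
    r"^http://www.yoursite.com.*",
    r"^http://yoursite.com.*",
]

# Same checks with literal dots and the host ended by "/" or end of string.
ANCHORED = [
    r"^http://www\.yoursite\.com(/|$)",
    r"^http://yoursite\.com(/|$)",
]


def is_redirected(referer, patterns):
    """Model a chain of 'RewriteCond %{HTTP_REFERER} !pattern [NC]' lines.

    Consecutive RewriteCond lines are ANDed, so the redirect fires only when
    the Referer matches none of the patterns. No Referer = empty string.
    """
    return all(re.search(p, referer, re.IGNORECASE) is None for p in patterns)


# Constructed Referer values covering the tutorial's two manual tests.
SAMPLES = {
    "typed into address bar (no Referer)": "",
    "link on your own gallery page": "http://www.yoursite.com/gallery.php",
    "own site, upper-case host": "http://YourSite.com/",
    "unrelated site": "http://other.example/page.html",
    "look-alike host": "http://www.yoursite.com.other.example/page.html",
    "dot replaced by another character": "http://wwwXyoursite.com/",
}


def report(patterns):
    """Return {description: 'redirect' or 'serve file'} for every sample."""
    return {
        name: "redirect" if is_redirected(ref, patterns) else "serve file"
        for name, ref in SAMPLES.items()
    }


if __name__ == "__main__":
    for label, patterns in (("unanchored", LOOSE), ("anchored", ANCHORED)):
        print(label)
        for name, outcome in report(patterns).items():
            print(f"  {outcome:10}  {name}")
```

The Referer header is set by the client, so these rules discourage casual direct links but do not replace a login check for files that must stay private.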

This can be applied to many locations in Dolphin, and some in Ray. Make sure you do not overwrite an existing .htaccess file. You might add the code above to an existing .htaccess file, but do not overwrite one.

Do not place the code in any of the main or top level ray folders or audio/video will not play in firefox.

Folders/directories you can add it to in ray are any of the xml folders such as:
/ray/modules/movie/xml/.htaccess
/ray/modules/mp3/xml/.htaccess
Etc...etc.

As previously mentioned, do not put this in any of the ray files folders, such as /ray/modules/movie/files/.htaccess, because it won't allow users to see or hear a file in Firefox.

I'm still working on these folders/directories and will update this if or when anything develops.

For other types of sites if you have an area that you don't want someone to be able to type the address in and see a file this works great too.

I cannot say that it will work for every script and every type of setup out there. It would be impossible to test it on everything. But it certainly is worth a try.

It is important that you make sure you edit the code for yoursite.com and all sub domains or subfolders. Otherwise nobody will be able to access the file or folder/directory even through your site links.

I hope you find this helpful and find a use for it, whether Dolphin or any other type of web site.
 
Written By
Tutorial by: Jeremy LeSarge (AKA Ray)

I am the owner and administrator of DialMe.com. I write Tutorials for Boonex Dolphin as well as tips and resources surrounding website programming and development. I enjoy working with WordPress, SEO, and Web Hosting / Servers. I also maintain a WordPress Blog here on this site where you will find a variety of technology and webmaster resources.
