Block and Prevent direct access to files, folders, and directories with .htaccess.
What this does is if someone tries to access a folder or directory by manually typing it into a web browser
they will be forwarded or redirected to another location you specify.
This could be considered simple content protection, but it can also be considered a security feature when
there are certain types of files involved. If you want to prevent the entire world from seeing your ray
widget licenses then this will do it.
This may or may not be handy for you Dolphin users depending on your site. If you require that a visitor
must signup before accessing or viewing other members images and other files then this might be something
of interest.
This also works great with many other types of scripts you might have installed besides Dolphin. So it's
not limited to any type of script in particular.
The only thing this will not work in is the actual ray folders/directories that contain your uploaded
files. Such as
yoursite.com/ray/modules/movie/files/1.flv for example. For some reason this does work in internet
explorer but it will not work in firefox. I haven't figured out a sollution yet, but will continue working
on this for the ray file directories.
It will work in the /ray/modules/movie/xml/ directory/folder. Which means you can use this to prevent users
from viewing your licenses for the various ray widgets, and will prevent people from finding your rms
server info in the global folder.
If you have index browsing disabled or turned off, meaning that if there is no index.html/index.php someone
can't see what is in a folder/directory, but if they know the script and many do they can still browse and
look at certain files if they
know the exact location.
You can try it yourself by entering something in your web browser such as:
yoursite.com/ray/modules/movie/xml/main.xml
Now you can see your license for the ray movie widget.
Try yoursite.com/ray/modules/global/xml/config.xml
And you can see your rms settings.
Even if you require members to join your site before they can view audio/video etc. All somebody has to do is type (yoursite.com/ray/modules/movie/files/1.flv) and keep on going 2.flv, 3.flv, or .mpg
Same with the audio and mp3 folders.
Gallery photos then just type yoursite.com/media/images/sharingImages/1.jpg 2.jpg, 3.jpg, etc..etc.
Now if your hosting is set to allow index browsing you don't even need to know this. A simple test to see
if you do or not is to type something like:
yoursite.com/media/images/sharingImages/
This is the location that Gallery Photo uploads will go to. If you have gallery photos uploaded and you
can see a bunch of files then your account is set to allow index browsing. Consider turning index browsing
off to prevent this.
So what we can do is if someone knows the exact location of a file we can redirect them back to our
homepage for example. Which means if someone typed yoursite.com/media/images/sharingImages/1.jpg they wont
even be able to see it, they will be redirected to your homepage or anywhere else you specify.
The only way they are allowed to access the file is through your site by clicking on various links that
will take them to the particualar file.
Now obviously this isn't going to be what everyone wants. Some sites want others to be able to access a
picture or other file directly.
However if you are one of those people that don't want others to access these files the code is very
simple. We just make a new .htaccess file and put it in the sharingImages folder/directory for example,
like yoursite.com/media/images/sharingImages/.htaccess
The Code to add:
#<--Below this line-->
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://subdomain.yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://.yoursite.com/subfolder.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/subfolder.* [NC]
RewriteRule /* http://www.yoursite.com/index.php [R,L]
#<--To above this line-->
Or download this zip file with a .htacess in the right format from
Download Here.
The RewriteCond lines you need to replace yoursite.com with your actual site. Be sure to add more lines if
you have more sub domains or subfolders you want to be allowed to access.
The RewriteRule line is the location you want them to be redirected to if they try to directly access a
particular file. You can change this to anything you want.
Upload it to the sharingImages folder. Open up a new browser window or tab and now type the location:
yoursite.com/media/images/sharingImages/1.jpg
If you have successfully added this then you should be redirect to your homepage or whatever you happened
to change it to above.
Now login as a member of yoursite and access the same photo by means of the photo gallery links. You should
be able to access it through your website if you correctly changed yoursite.com to your actual site above.
This can be applied to many locations in Dolphin, and some in Ray. Make sure you do not overwrite an
existing .htaccess file. You might add the code above to an existing .htaccess file, but do not overwrite
one.
Do not place the code in any of the main or top level ray folders or audio/video will not play in firefox.
Folders/directories you can add it to in ray are any of the xml folders such as:
/ray/modules/movie/xml/.htaccess
/ray/modules/mp3/xml/.htaccess
Etc...etc.
As previously mentioned do not put this in any of the ray files folders because it wont allow users to see
or
hear a file in firefox such as:
/ray/modules/movie/files/.htacess this will cause problems in firefox.
I'm still working on these folders/directorys and will update this if or when anything developes.
For other types of sites if you have an area that you don't want someone to be able to type the address in
and see a file this works great too.
I can not say that it will work for every script and every type of setup out there. This would be
impossible to test it on everything. But it certainly is worth a try.
It is important that you make sure you edit the code for yoursite.com and all sub domains or subfolders.
Otherwise nobody will be able to access the file or folder/directory even through your site links.
I hope you find this helpful and find a use for it, whether Dolphin or any other type of web site.