Htaccess help for denying all request except from one page

macrocurse · July 21, 2020, 9:32am

Website URL : mcurse.rf.gd

hello
newbie in php language here and was woundering if there is a way to prevent access to a vital folder of my website from all except a certain php page . and if there is a way to do so can i just access the folders content via directory path/to/secret/folder or i have to request the data in some other way from the page (that i want to be only way to access said folder)
any detailed information about the website would be the folder i like to lock is inside htdocs (public folder) the content inside the folder i want locked is images
any help would be welcome

thanks in advance

katufo · July 21, 2020, 11:01am

Using or editing .htaccess. I hope this could help you

macrocurse · July 21, 2020, 1:56pm

Thank you very much .
I will check it out right now

macrocurse · July 21, 2020, 7:29pm

so here is the piece of code i want to use or at least semilar

RewriteEngine on
RewriteCond %{HTTP_REFERER} somedomain.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherdomain.com
RewriteRule .* - [F]

however i want to use it like so

RewriteEngine on
RewriteCond %{HTTP_REFERER} !mywebsite.com/proccessing.php [NC,OR]
RewriteRule .* - [F]

so i can deny access to said folder except by the php that i want is this even possible or should i give up on trying to fix it with htaccess

adisp007 · July 22, 2020, 1:19am

Make .htaccess file inside your restricted folder.
Its code:

Order allow,deny
Deny From All
<FilesMatch "^processing\.php$">
Allow From All
</FilesMatch>

macrocurse · July 22, 2020, 9:12pm

does not work
thanks for trying to help

adisp007 · July 22, 2020, 9:39pm

It’s weird. I already try it myself.

Check this:
I created a folder test on my beta.adisp007.ml subdomain.
After that, I created 4 files inside it: .htaccess, index.php, page.php, & allow.php.
I configured that .htaccess file so people only can access allow.php file on that folder.
If someone access except allow.php file, they will be redirected to forbidden page.
http://beta.adisp007.ml/test/allow.php (you can access this page)
http://beta.adisp007.ml/test/page.php (you can’t access this page & the rest inside that folder)

Its .htaccess code is same:

Order allow,deny
Deny From All
<FilesMatch "^allow\.php$">
Allow From All
</FilesMatch>

Only changed processing.php to allow.php accord to my files structure.

macrocurse · July 22, 2020, 10:00pm

alright man i think i should be more clear in my question sorry for that
i have a folder which contains 4 subfolders each containing images
i want access to this folder its subfolders and files(images) denied to all except coming from a file.php so .htaccess goes inside main restriced folder .
and the .htaccess >>>path to >>> file.php would be “…/inc/file.php”
if this would be possible i wont have to use script and have to use less hits per user

macrocurse · July 22, 2020, 10:38pm

so all of this could be as easy as placing the files out side of htdocs(out side of public folder)
which in infinityfree is not allowed ?

adisp007 · July 22, 2020, 10:44pm

As far as I understand,this is an example for what you want:
I created 4 folders inside my previous test folder: one, two, three, four, & inc
& inside inc folder I created file.php file.

I changed my .htaccess file code to:

RewriteEngine On
RewriteRule ^inc/file\.php - [L]
RewriteRule ^allow\.php - [L]
RewriteRule ^ - [L,F]

So there are 2 allowed files to access:
http://beta.adisp007.ml/test/inc/file.php (this is an example for your file?)
http://beta.adisp007.ml/test/allow.php (you can remove this on that code)

macrocurse · July 22, 2020, 11:12pm

still does not work man
it denies access to the images but it denies it coming from file.php too
hence it wont echo out the images

adisp007 · July 23, 2020, 12:01am

I still don’t understand what you want.

So,you mean you want to forbid access to the images, but still want to view them on file.php file (for example by using <img> html tag)?
No code can do it. You can choose one choice, man.

Once you forbid access to public,then public can’t access it.
Even if you can allow file.php to access the images, but in the end you or some people that access file.php are public. The images won’t be generated.

But you can make certain people to access them, for example your IP or/and your hosting IP (file.php).

macrocurse · July 23, 2020, 12:55am

so your hosting ip(file.php) if this is possible this would do it , wouldnt it ?
the filephp would be public but the images priavte and visitors request filephp which requests images , would that be possible

katufo · July 23, 2020, 7:01am

I found this one, hope this could help you:

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">

Order Allow,Deny

Deny from all

Allow from 192.xxx.xxx
</FilesMatch>

Change the 192.xxx.xxx into your ip address
Add a directory or folder or file inside the FilesMatch, like you see above.

macrocurse · July 23, 2020, 8:16am

Hello katufo
thanks again for the replay.
With my little knowledge i think this prevents access from certain files except requested by the given ip.
If this is the case iam afraid it will not do because in the end diffrent people will request thier images from diffrent ips and should get them (the purpose of the site)
What i specificaly want is for the folder or files inside that folder which will be jpg, jpeg or both to be inaccessable throu out typing thier mysite/path/file.jpg
But also user can only access them when requested by file.php .
Sorry if my explaining is not all that good

adisp007 · July 23, 2020, 12:12pm

That’s still impossible.
I mean if you want to make only certain people to access your files, you can do it by using .htaccess, such as @katufo posted above.
But that won’t make what you want.

Even if file.php is allowed to access your images,the public still can’t view your images because their images request (by browser) are your original images URL.
This is its diagram:

diagram

But after I tried (trial&error),I can make the images viewable using .htaccess+PHP.

Continue from my post above:

For example I uploaded img1.jpg & img2.jpg inside folder one.
The code inside file.php is something like this:

<?php
$img1 = '../one/img1.jpg';
$img2 = '../one/img2.jpg';
$img1Data = base64_encode(file_get_contents($img1));
$img2Data = base64_encode(file_get_contents($img2));
echo '<img src="data:image/jpeg;base64,'.$img1Data.'" alt="img1" />';
echo '<img src="data:image/jpeg;base64,'.$img2Data.'" alt="img2" />';
?>

But the burden for the server becomes a bit heavy because of file_get_contents function.
Moreover if you will generate many images.

P.S. for moderator:
I think this thread must be moved to other Category.

macrocurse · July 23, 2020, 4:56pm

you my friend are a life saver this is what i was looking for.
i have been surfing the web for a while now and posting on multiple forums
thanks for keeping up with a newbies question

anon19508339 · July 23, 2020, 5:07pm

Since this topic is related to development, and Development support merged into previous hosting support, so it isn’t really necessary.

system · August 7, 2020, 5:07pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.