Is there a way to use a file for the making of a webpage but even if the address of that file is known the file can not be accessed directly using a browser?
Eh? What do you mean "for the making of a webpage"?
Which language are we talking here? PHP? Something else?
Assembling of a webpage, since most web pages are a collage of different parts (files).
Sounds like you want to use "PHP includes". That is, you have content in various files, which are pulled into a page via little bits of PHP. I'm sure you could deny access to those include files to prevent someone navigating directly to them. But you can also just put them somewhere where no one is likely to find them, as you can't see them from the source code itself.
I though maybe
deny from all
would work in that pages using example.jpg would show example.jpg and if you went to the file example.jpg directly via a browser then the browser wouldn't bring the file up. But the htaccess code above doesn't stop a visitor from viewing a file directly.
The simplest method is to place the files outside of the site root. If the files you are referring to are including server-side that will do. If they are some type of media file with user authentication requirements for access than a script/access point needs to be created to indirectly serve them up.
The only way there is to prevent image access directly that I know of (aside from having to log in) is to check the HTTP Referer [sic]. Even though this methods isn't waterproof, most people deem it "good enough".
The easiest way is to check in your .htaccess file:
RewriteCond %HTTP_REFERER} !^http://www\\.example\\.com/ [NC]
RewriteRule \\.jpg$ - [F]
This will show a 403 forbidden if you access a .jpg directly, but the image will work fine when used on a website on your own domain (here, www.example.com).
If you want more info you can google for "prevent hotlinking apache"
I'm aware of hotlinking but didn't think of visiting and linking as the same but standing in the shoes of the site being visited/linked to, they're exactly the same. I'll use the code you gave me. I have my css in an includes file because it takes so long for folders top open (on a shared server). The site loads a lot faster this way, but it reveals addresses to the images I use on every page. Someone recreated one of my pages and put it on someone else's site, this should stop them from using the images - along with the other htaccess code Options -Indexes.
This topic is now closed. New replies are no longer allowed.