ProSkill Posted August 1, 2017 Share Posted August 1, 2017 I have an issue where anyone can see images directly if they have the image link, even if they don't have permission to view it otherwise. I think someone has figured out how to brute force images or crawl my site for them. How do I prevent guest or non-authorized users from viewing images hosted on my forum? Link to comment Share on other sites More sharing options...
CP_User Posted August 1, 2017 Share Posted August 1, 2017 I've added this to my .HTACCESS file in my uploads directory RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://mydomain.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp|avi|mov|wma|wmf|wmv|doc|pps|xls)$ [R,NC] Glad you brought this up as I've just tried the above and confirmed it works. If someone could check it over too to make sure it's correct. Link to comment Share on other sites More sharing options...
ProSkill Posted August 2, 2017 Author Share Posted August 2, 2017 5 hours ago, CP_User said: I've added this to my .HTACCESS file in my uploads directory RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://mydomain.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp|avi|mov|wma|wmf|wmv|doc|pps|xls)$ [R,NC] Glad you brought this up as I've just tried the above and confirmed it works. If someone could check it over too to make sure it's correct. That doesn't appear to work or do anything actually. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.