It is very common we link CSS and JS files in out HTML, PHP pages. Can we block opening of the CSS and JS files directly from a browser. Since the source code can be viewed by anyone, he/she can open those files by understanding the path. How can we achieve blocking these files?
You need to setup your web server to server the static content (js, img, css) only if refered by your host (looking at the http headers), but it won't totally prevent user from doing it. as for the php users won't see it, it runs on the server, and will output most of the times inert html.
A basic block would force the browser to send a valid Referer header when accessing the files. This can be done with some simple .htaccess:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !your\.domain\.here [NC]
RewriteCond %{REQUEST_FILENAME} \.(css|js) [NC]
RewriteRule .* - [L,F]
However this is not a great idea because it's easy enough to fake the referrer, or add a link to the page so that the browser naturally sends it. Also, some browsers just don't show the referrer header.
The browser has to be able to access those files in order to properly display the page. You can obfuscate the JS, either through something basic like minification, or something more complex like How can I obfuscate (protect) JavaScript?
With CSS, you can try something similar.
Look into the following resource, they might help.
http://www.iwebtool.com/html_encrypter
http://www.catswhocode.com/blog/3-ways-to-compress-css-files-using-php
http://refresh-sf.com/yui/
http://www.n1studios.net/tutorials/php/css-file-protection.html
all of them are somehow way around, and there is always a way to read them. you can only make them hard to read
Related
I have a situation as follows:
I have a website with lots of files in it (Yii Framework). I need to migrate it from http://domain1.com to http://domain2.com/foo/bar/
But previous developer has put the href, src, background-image etc links as follows:
href="/assets/img/img1.jpg"
src="/assets/js/script.js"
When I open the new website in browser, all the resources should be loaded like this http://domain2.com/foo/bar/assets/... to make it work. But, browser is interpreting the resources url as http://domain2.com/assets/...
As the resources doesn't exists here, they aren't loading.
As the urls are scattered everywhere in lots of files, it's not the best idea to change each and every url.
Is there a way to change the base url through htaccess (or some other method) so that server or browser will interpret href="/assets/..." as http://domain2.com/foo/bar/assets/...
You may use this 301 redirect rule at the top of other rules:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(?:www\.)?domain1\.com$ [NC]
RewriteRule ^assets/.+ http://domain2.com/foo/bar%{REQUEST_URI} [L,NC,NE,R=301]
I have a small portfolio landing page based on js/css/html. No frameworks/CMS, just pure static html. Entry point is index.html file with content on English language.
I want to use translations on my site: index.ru.html, index.ua.html, but I don't want to see any *.html or index.ua in the address bar. User can change a language by buttons on top of my page.
How can I route:
http://mysite/en to display index.html - first enter to site
http://mysite/ru to display index.ru.html
http://mysite/ua to display index.ua.html
?
Also can I route to specific div/section html tag: user enter http://mysite/ru/contacts to display contacts section in index.ru.html? Scrolling page also must change url... is it real or not?
Maybe I need to use micro-framework for my small needs?
EDIT:
Found good example on this site - http://www.even.lv/
Try adding this to your Root/.htaccess :
RewriteEngine On
RewriteBase /
RewriteRule ^en/?$ index.html [NC,L]
RewriteRule ^(ru|ua)$ index.$1.html [NC,L]
This will redirect "/en" to "/index.html" and "/ru" to "index.ru.html".
Might be using bootstrap scroll spy you can take user to sepecific section. if you don't want url to be change in that case ajax will help you. with use of jQuery you can trigger select change function jQuery("#language-select").change(function(){ // your logic try ajax here to change portion on page. })
Make directories for each language and put the relevant pages inside.
The only mechanism you have that allows you to omit a full url is the ability of the web server to serve a "default" page, which in your case is an index.html
By the same token to support mysite/ru/contacts you would need a directory structure of:
mysite/
ru/
contacts/
index.html
In other words, with pure html pages and without using rewrites, you can accomplish your structure with directories off the webroot and creating many individual index.html pages.
The other option is to use rewrite rules like those available using mod_rewrite and the apache web server.
Those rules require a good working understanding of regular expressions.
What I'm trying to do is have a single dynamic file that takes a parameter to affect content (/view.html?k=about) but uses history.pushState to change the URL to something more user-friendly (ki/about). In addition, anytime an AJAX call is made on content.html to load new content, it updates the URL according, (e.g. if products are loaded via AJAX, change URL to keywords/products).
My current solution is any path requested from ki is redirected via .htaccess to the view.html page. view.html then uses history.pushState to change the URL. As links are clicked, the URL updates. The problem with this, however, is it causes a infinite loop.
Here is my .htaccess file, residing in the /ki/ folder.
RewriteEngine on
RewriteRule ^(.*)$ /concept/view.html?k=$1 [R=permanent,L]
What can I do to get my desired result? If there's a way to achieve the same thing without the .htaccess file then that's acceptable too.
You are going to want to rewrite any url that goes in the form of ki/about to the /view.html?k=about behind the scenes.
history.pushState is only really meant to be used for web applictions like Spotify that don't reload the page but would still make sense to have the back button have some functionality.
That way, urls can be shared without giving 404 pages.
I have not tested this but I am sure you want something like this
RewriteRule ^ki/([A-Za-z]+)/$ /view.html?ki=$1
If the user types in the ugly url, they will still get to the same page no problem. But the pretty urls will direct users to the right webpage.
For more info you can go here.
http://www.yourhtmlsource.com/sitemanagement/urlrewriting.html
This is normal question, but i am very weak regarding .htaccess
I have one website in html.All Pages are in .html. Now only enquiry page is enquiry.php
So I want enquiry page from enquiry.php to enquiry.html in URL.
It should not affect other html files
Pls help
Provided you've already turned "RewriteEngine On" your rule might looks something like this:
RewriteRule ^enquiry.html$ /enquiry.php [QSA,L]
However depending upon your web host, that may not work out of the gate. For example, you might need to add a slash before the .html so it would read:
RewriteRule ^enquiry\.html$ /enquiry.php [QSA,L]
I've also seen where you may need to add "Options FollowSymLinks" to the top of the .htaccess file.
I typically refer to any assets on my site using absolute path so that I don't have to worry about the location of the assets relative to current file.
<!-- Using a absolute path. -->
<img src="/images/flag.png" />
<!-- Using a relative path. -->
<img src="../../../images/flag.png" />
However, this time I need to host the site at a non-root location e.g. http://my-server.com/holiday/.
How would I go about this? I am looking for a solution that doesn't require me to change the path in my files. How do I configure the server (Apache) to treat http://my-server.com/holiday/ as a "root"?
Clarification:
I still need http://my-server.com/ to behave "normally". That is, it should still point to http://my-server.com/index.html i.e. doesn't get redirected to http://my-server.com/holiday/.
If you’re using Apache, there one rather simple thing you could do by just using an SSI variable in your paths.
Do a global replace of all src="/ to something like
src="<!--#echo var="prefix" -->/
and then in your htaccess for the specific folder define the prefix variable as /holiday
For sites that don’t have the variable or SSI, it’ll just show up as a comment or you can define it as an empty string.
Of course this means you’ll have to turn on SSI in Apache.
try to add this to your .htaccess
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?DOMAINNAME.com$
RewriteCond %{REQUEST_URI} !^/holiday/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /holiday/$1
RewriteCond %{HTTP_HOST} ^(www.)?DOMAINNAME.com$
RewriteRule ^(/)?$ holiday/index.php [L]
or take a look here - Changing the root folder via .htaccess
I don't think this is gonna happen for you man, sorry.
You have absolute paths in your documents, and want apache to prepend /holiday to them all without effecting the actual docroot? You can have one or the other, but not both.
You need to either do a mass edit and prepend the directory yourself, or move your images/css/etc into the actual root directory.
mod_rewrite is powerful, but can't really determine intent and parse the same url two different ways depending on what the user wants.
Edit:
I am wrong, but I don't have your answer. You may be able to use IS_SUBREQ in mod_rewrite to only apply the re-write conditions for sub-requests from your /holiday/index.php
Easy...
# Assuming mod_rewrite is an option...
<IfModule mod_rewrite.c>
# Turn it on!
RewriteEngine on
# If path is /images/flag.png, connect to /holiday/images/flag.png
RewriteBase /holiday/
</IfModule>
Assuming I'm understanding what you mean, this should do you just fine. Point of order, this .htaccess should be in /holiday/
I do this locally on MAMP for testing a website that's base is in http://localhost:8888/SocialNetwork/ ... If I didn't have that, my absolute paths of, say, /profile would go to http://localhost:8888/profile/ instead of http://localhost:8888/SocialNetwork/profile
what about using html's BASE element? http://www.w3.org/TR/html4/struct/links.html#h-12.4
although i´m not sure how you could have it in a single html file and inherit it to the rest of your htmls, so your source remains intact.
if your site is html-only maybe with frames, otherwise you could use some sort of server-side include depending on what youre using (asp, jsp, whatever). Check out this link for more information http://www.boutell.com/newfaq/creating/include.html
I hate to say this but none of the above provides the solution. The answers by #Zoltan and #stslavik were close but, unfortunately, didn't work when deployed; I wished one of them worked, though.
As a result, I resorted to using a combination of named constants and include files in PHP. More details: File Structure for a PHP Project. Note that it doesn't have to be PHP; you can use other languages that provide similar features. +1 for #margusholland whose answer led me to experiment with this solution.
EDIT:
Of course it would work in case you do with php. Adding:
<? define(_BASE_, substr($_SERVER['SERVER_NAME'] . "/" . $_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "/" )) ); ?>
<html>
<head>
<script src="<?=_BASE_?>/path_relative_to_project_root"></script>
</head>
<body>
<img src="<?=_BASE_?>/path_relative_to_project_root">
</body>
</html>
If you have a list of filename extensions that should be redirected, you might want to use the rewrite conditions using pattern matching againt the extensions.
Another solutions is to simply create an /images directory under root and let images be downloaded from there. Or have there links to images in your path.