So I am embedding a PDF file on my page:
<embed src="http://www.mywebsite.com/files/ebook.pdf" width="500" height="375">
Is there anyway to prevent any and all access to that file except for when it is being accessed via this embed?
Thanks!
More elegant way would be to prevent access to that file or better directory from .htaccess file and only allow locally. Then your php script will acss the file when you need it. You can also force download from php.
See this for php example.
And your .htaccess file will look like this and will reside in your restricted directory (where pdf is located):
#denies access to all but the allowed IP (presumably yours)
#all other users will be redirected to the ErrorDocument
ErrorDocument 403 http://www.example.com/your-login-page.php
Order deny,allow
Deny from all
Allow from 76.117.227.192
Last line is your IP address (server) or put simply Allow from localhost instead. If somebody else will try to access the directory or files in it, they will be redirected to ttp://www.example.com/your-login-page.php with status code 403 (access forbidden). Good Luck
you can use something can this from flashpaper from adobe http://www.adobe.com/products/flashpaper/ that way you can show your pdf files as flash embeddable but users cannot download it
Related
I have been struggling with this all morning and I have not had much luck.
I am trying to get the following stackoverflow post to work: How to remove .html from URL
Here is my file directory with the htaccess file:
Here is my code that works fine using .html
So I went into sublime text and posted the same code into a .htaccess file as shown here (also in my directory first pic):
I then changed my links and removed .html
But I get an error
If anyone could please tell me what I'm doing wrong I would be grateful! Been bashing my head on this all morning
.htaccess is a file used to control access for Apache web servers. It won't affect anything unless you're running and accessing an Apache server. From your screenshots I can see that you're directly opening a file from your hard drive.
Your browser is saying File not found because you're trying to access a non-existent file. The address bar in your browser should say this:
file:///Users/mikegeng/Documents/GitHub/MichaelGeng.github.io/index.html
.htaccess is used by Apache Webserver. You must install and configure an Apache Webserver and access your site through http://localhost for example.
Currently your .htaccess is completely ignored until your site is served by Apache.
How do I download an htaccess file from another website?
How do I view my own htaccess in my browser?
I have tried to go to www.website.com/.htaccess but no success for example.
I know that there is a command that can be added to the htaccess file to disable viewing but I'm talking about htaccess files that do not include this code.
By default, Apache config has
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
So you can't, or you shouldn't be able to. It would be a security problem otherwise.
How do I download an htaccess file from another website?
That's not possible, .htaccess can contain sensitive information, that's why the default configuration prevents access to this file.
How do I view my own htaccess in my browser?
You can modify the server configuration (see how to configure apache to view hidden (.) files?) to unblock access to this file. But if you have access to this configuration, you probably have an access to the file, so you should be able to view it with another tool than your browser.
I am tinkering around with webpages on a LAMP server running Apache2 and was wondering if it was possible to make a directory accessible only to your web pages and not from outside?
Example scenario:
Directory to protect: dir1 containing images (jpg, png)
My own webpage: mypage.html that calls images from dir1
My website: www.myweb.com that contains both dir1 and mypage.html
Currently, files inside the website can be accessed via www.myweb.com/dir1/somefile.jpg or by calling mypage.html
I would like it to only be accessible by calling mypage.html
I have tried the following:
modifying .htaccess to disallow access of image types
<files "*.jpg">
deny from all
</files>
(doesn't work because mypage.html cannot access it either)
Modify apache2 conf file with:
<Directory /var/www/dir1>
AllowOverride None
<Limit GET POST OPTIONS>
Order deny,allow
Deny from all
</Limit>
</Directory>
(this actually semi-worked as it allowed me to write to directory but not read, maybe this can be modified to allow requests coming from internal web pages to go through?)
I guess to conclude, is there a way to get Apache2 to ONLY accept requests to access a directory if it is of a certain url of your choosing?
Thanks in advance.
So, I've decided that the approaches I've taken so far really don't cut it and found you could actually call a php function where
<img src='somefile.php?query=xxx' alt='pic'>
and where in the somefile.php I have that takes in img file name created from the query above.
echo file_get_contents($imgresource);
By serving the image from a php script and blocking this php script from being called without proper credentials, sessions, cookies and IP blocking, there is some security set.
So I guess it doesn't really answer the question in its entirety of blocking access only to some URLs but it works for the purpose of not being able to be accessed externally since I have buried the directory below (or above?) the web root directory where it can't be called from a url and only from internal script.
I have small CGI script running on a server[Linux OS]. following is a part of script output..
<tr><td valign="center">Lol</td><td valign="center">10112</td><td>abc.pdf</td></tr>
But when I click on this abc.pdf hyperlink, browser displays error message:URL /home/pathtopdf/abc.pdf was not found on the server. while the pdf and path is definitely there and all files and folders in the path[including pdf] has full permission.
My server location is # /srv/www and script in /srv/www/cgi-bin, but when I put the link to pdf as follows
<tr><td valign="center">Lol</td><td valign="center">10112</td><td>abc.pdf</td></tr>
The error message was The requested URL '/srv/www/for_html/abc.pdf' resolves to a file which is marked executable but is not a CGI file; retrieving it is forbidden. Again permission is there for files.
What could be the problemo?
Your problem is that you try to request a file outside of the webroot. So by clicking that, the browser is really requesting
http://example.com/home/pathtopdf/abc.pdf
not
/home/pathtopdf/abc.pdf
You can edit your apache config file and add a virtual host to that directory under a subdomain (say downloads)
After your edit, I am assuming you are using the file:// protocol, directly on the server. I would say just to remove the executable bit from your .pdf's file permissions. Run from a shell:
chmod -x /srv/www/for_html/abc.pdf
I bought a domain name and am trying to figure out how to configure it responsibly. I haven't set up an index.html file yet and I've noticed that if I hit my domain, I see my file directory tree and I can dive down to all the files within my browser. Is there a way that I can disable this? I am hosting it on Apache
If you are using IIS.
Right-click on your website, and choose Properties.
Select Home Directory tab.
Uncheck the Directory browsing.
You can try a few things:
create an empty file named index.html and upload it into the public_folder
create an .htaccess file with the following contents: Options -Indexes
If you have some kind of cpanel for your site, look for options to disable directory browsing.
Creating the index.html file is probably the easiest and most consistent way to go.
FYI, my .htaccess info came from techiecorner.com