You should use access control: http://httpd.apache.org/docs/2.2/howto/access.html
Order allow,deny
Allow from 127.0.0.1
Deny from all
Domanda
I have a .htaccess
script located in my Wordpress upload-folder, where I only allow Logged in users to see the files, to prevent users sharing links to a members only area.
My problem is that I have a ZIP-functionality that access the folder as well, and this doesn't work together...
.htaccess:
RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx|)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . - [R=403,L]
What can I do to allow access from my server???
Soluzione
You should use access control: http://httpd.apache.org/docs/2.2/howto/access.html
Order allow,deny
Allow from 127.0.0.1
Deny from all
Altri suggerimenti
You can use %{HTTP_REFERER}
based checks here:
RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx|)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com/ [NC]
RewriteRule . - [R=403,L]
Replace domain.com
with your actual domain. However keep in mind that HTTP_REFERER
header can be manipulated by some clients.