Secure the images, pdfs etc online

t11 · February 19, 2019, 8:54am

This is a more generic ‘how to’ but nice to discuss it since other users might have this ‘issue’ too.

I would like to ask how it could be done to secure images and files uploaded online.
For example I have a situation where the admin will be uploading some contracts online which will be accessible from the relative users (with username and pass). The issue is that if someone has a direct link to the pdf, jpg etc file he would be able to view the file. How could this be avoided?

Thank you!

updates · February 19, 2019, 9:01am

Hi @t11, I have the same problem!
That’s an interesting post !

Teodor · February 19, 2019, 9:21am

You can do this using .htaccess:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com.*$ [NC] 
RewriteRule \.(gif|jpg)$ - [F]

Just add the file extensions you need here: (gif|jpg)

This will return 403, if you try to access images directly using their URLs, but allows them to be displayed on site.

t11 · February 19, 2019, 9:08am

Thank you @Teodor.
For the records I also found this on stackoverflow.

Thank you!

Teodor · February 19, 2019, 9:09am

Yes it’s also possible, but i think the .htaccess solution is just easier.

Elias · August 7, 2019, 7:25pm

but the .htaccess solution is less secure as it is vulneralbe to Referer spoofing attack