.htaccess -tried for four hours - no luck

Elements
1

Want to restrict access to resources - tried so many variations with chat gpt - but it kept cutting off resources the page needs. URL, svg, etc…

Any simple way to do this?

Thanx
-Mike

1 Like
2

You will need to modify your prompt most likely. This is the prompt I used and the response I got. You will need to fill in the missing info it asks for. I used Chat GPT.

Prompt:
I need an .htaccess file that restricts direct crawling and public access to the resource folder but allows the html and javascript to access the resource folder as needed to print the pages when called for. Do you need any additional information to complete this task?

Response:
Yes, I need just a little more detail to ensure the .htaccess rules work correctly for your setup:

  1. What is the name and path of the resource folder? (e.g., /resources/ or /assets/resources/)

  2. Are the HTML and JavaScript files served from the same domain as the resource folder?

  3. What type of resources are in the folder? (e.g., images, PDFs, JSON, etc.)

  4. How does the HTML/JavaScript access the resource folder? (AJAX/fetch, <img>, <link>, etc.)

Once I have that, I can create a .htaccess file that:

  • Blocks crawlers and direct browser access

  • Allows access when requests are made via your HTML/JS on your site

@elementsbot can you help @MichaelDroste ?

3

spent another couple of hours.. this seems to work didn’t look at all 100+ pages of trumpetstudio.com

This is UNIVERSAL CODE and will protect anyone’s resource folder - I’m posting so that it might help others..

Enable rewrite engine

RewriteEngine On

Extract the referer host (e.g., www.example.com)

RewriteCond %{HTTP_REFERER} !=“”
RewriteCond %{HTTP_REFERER} !%{HTTP_HOST} [NC]

Also allow YouTube and Google embeds (for previews, if used)

RewriteCond %{HTTP_REFERER} !^https?://(www.)?youtube.com/ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www.)?google.com/ [NC]

Allow blank referers (for browsers/extensions that strip it)

RewriteCond %{HTTP_REFERER} !^$ [OR]

Allow requests from this domain

RewriteCond %{HTTP_REFERER} ^https?://(.*.)?%{HTTP_HOST} [NC]

Block hotlinking to protected files

RewriteRule .(mp3|mp4|pdf|midi|wav)$ - [F,L]

4

was getting 403 forbidden errors again :slight_smile: here is the revised code to fix it - allows http or https variants

Enable rewrite engine

RewriteEngine On

ALLOW if the referrer CONTAINS your domain (http or https, with or without www)

RewriteCond %{HTTP_REFERER} ^https?://([a-z0-9-]+.)trumpetstudio.com [NC]
RewriteRule . - [L]

Allow blank referers (Safari, extensions)

RewriteCond %{HTTP_REFERER} ^$ [OR]

Allow YouTube/Google embeds

RewriteCond %{HTTP_REFERER} ^https?://(www.)?(youtube|google).com/ [NC]
RewriteRule .* - [L]

Block hotlinking to protected files

RewriteRule .(mp3|mp4|pdf|midi|wav)$ - [F,L]