Pls help, need to secure a directory

hi all,
i have a directory that contain images , and i would like to secure it.
this directory can contain *.php files but i would like that these pages can't been executed, exemple :

www.mywebsite.com/images/image.gif (this image can be seen by people)
www.mywebsite.com/images/page.php (this page exist but it must not be executed ).

hope i've been clear , and i would like that you help me to do that, i think it's doable with htacces file that i will make it in the image directory, but i don't know what it contain
thanks to all and sorry for my bad english

 

Using .htaccess, you could redirect traffic away from those *.php pages using mod rewrite. This works for all users all the time. For instance, if there was a stub page called blank.html containing the word "no", I might put this in the .htaccess:

There might be a way to just issue a 401 page not found error. I am not sure how to do that. It would be the better solution because it does not hint at the page's existence. In the same vein, if the pages are unnecessary, erase them. If they are being called by some other script, I would move them into a safer location.

This will not going to work if mod_rewrite is not enabled. You might need to check with your ISP if it does not.

 

Another way is to chmod all the php files you don't want to be executed to 600 or 400.

 

Please add following rules to your .htaccess file which should be placed under /images folder.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(php)$ /images/nohotlink.jpeg [L]

replace mysite with your actual site name
nohotlink.jpeg with any image that you have in images directory.

Hopefully that should solve your problem.

Regards,

 

oh thanks all verrrrrrrrrrrrrrrrrrrrrrrry much , it works great , great members
thanks