Hello everyone. I have set up an apache server, hosting a website. For example In my website you can play with an online javascript atari roms. Whenever you load a rom in the website, the javascript temporarily downloads it to your browsers cache. If you for example write website.com/roms/atari.zip you can download this rom. I do not want this. Is there a way to forbid direct access to this file but also whitelisting access from within the javascript requests? Many thank you in advance.
A rule can be added in htaccess file for this. For example, the following code will block access to files ending in .ini, .log, .sh and .zip <FilesMatch "\.(ini|log|sh|zip)$"> Order Allow,Deny Deny from all </FilesMatch>
The following .htaccess rules should help you: RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?website.com [NC] RewriteRule \.(zip)$ - [NC,F,L] Code (markup): Rules are checking the referrer, and if the referrer is not from 'website.com' it can't list nor download zip files.