Is it enough to use RewriteEngine on and disable indexing to prevent access to my host's images?

Navigation
0

Hi, I'm trying to avoid seeing my non-registered user images unless they have logged in and the php file contains a code like this: 

<img src="<?php if(isset($profile_picture)) echo $profile_picture; ?>" class="img img-rounded" width="100"/>

For that I have written in my .htaccess file the following code: 

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?blueemon90.xyz [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Options All -Indexes

Which blocks access to the image with urls how are you www.mipagina.com/fotos/mifoto.jpg but I realized that by placing this address www.mipagina.com/fotos the index of the page appears and if I click on the photo if it is displayed, for which I decided to disable the indexing of the page, it is enough security with my code in .htaccess and disable indexing?

This is how it looks on my host:

    
asked by Daniel Treviño 19.10.2017 в 17:28
source

1 answer

0

To achieve what you want, I recommend saving all your images outside the Apache DocumentRoot and doing a php that returns the image when you need it.

here is an example of the php that reads and returns the image. 

$file = '.monkey.gif';

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    exit;
}

The image may be in a path to which apache does not have access (outside the DocumentRoot) but if it has permission to read it.

Greetings

    
answered by 19.10.2017 в 20:10
Doubt of how to make multiple inserts Reset JFXDatePicker JavaFX