Block access to subfolders in the URL (Wordpress) from the 403 Forbidden

Asked

Viewed 812 times

1

I hope my doubt is clear:

I’ve seen images uploaded by Amazon Cloudfront that has its URL "differentiated" for images and blocks all subfolders of the path if the user tries to access. Explain.

URL displaying the image: dyqnik0vds4aw.cloudfront.net/uploads/blog/image/900/image.jpg

If we remove the jpg image., for example, displays the following message:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>0A1B7A4F06A544B7</RequestId>
<HostId>
HAvQCyWqXGr6xFPOA4IIZPWudC+TSxyBnjQyMitrHu5cQ9eBk6zbFrHWY82xvMVREzYbnWCtU5g=
</HostId>
</Error>

That is, if the user tries to access any other subfolder of the image path is blocked.

However I am using Wordpress to create a site, when you use an image, by default, it gets the URL site.com/wp-content/uploads/2018/02/imagem.png. If the user withdraws /2018/02/imagem.png (in case, accessing site.com/wp-content/uploads/) the INDEX OF page appears and it is possible to access some folders, what I would like to avoid if possible.

Anyway, I wonder if I can block/hide the image path the way Amazon Cloudfront blocks your links.

             ----------------------- *edited* -------------------------------

After a while dealing with websites and seeing several things here from SOPT, in the opera summary, what I want is to create a page 403 forbidden that in addition to blocking folders more specifically Wordpress is a custom page.

I believe it would only be to increment the @Almeida response below.

  • 1

    Possible duplicate: https://answall.com/questions/214786/htaccess-para-impedirnavega%C3%A7%C3%A3o

2 answers

1

@vulgogandini

yes, it depends on the needs, I am currently in particular mode using in all subversion folders, ie the index of, for this just a simple command in your file . htaccess

Basic rewrite rules, stop unnecessary PERL bot, block subversion directories

COMMANDO:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.svn/ - [F,L]
ErrorDocument 403 "Acesso proibido"`

remembering, that your server must be enabled Ifmodule mod_rewrite. c to make it work

result after placing the code on the file, is this: 403 Forbiden this is because you are denying access to all of the index folders

see a site that I set up especially for this occasion as a model: http://www.site-space.16mb.com

in this case if I try to access the directory "Assets" index of which is my folder inside my server, it returns me access denied. see:

http://www.site-space.16mb.com/assets

1

good in my case, I did it on my site, but I do not use wordpress, but I advise you to create a file called . htaccess in the root folder of your server and create custom error pages like 404, 403 (access prohibited) among others, done these processes, you will open your htaccess file and will insert it:

###### Regras básicas de reescrita, parar desnecessários bot PERL, bloquear diretórios de subversão

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.svn/ - [F,L]
ErrorDocument 403 "Acesso proibido"



###### PROTEGER ARQUIVOS E DIRETÓRIOS
<FilesMatch "(\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.html)? |xtmpl)|code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>


###### BLOQUEIO LISTAGEM DE DIRETÓRIOS

<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>
  • in case only add the folders of my directory in after the ...theme|tpl(\.html)|wp-content|images? etc. right?

Browser other questions tagged

You are not signed in. Login or sign up in order to post.