WordPress root folder .htaccess:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www.)?SOMEIP [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www.)?SOMEIP.*$ [NC] 
RewriteRule .(pdf)$ denied.php [L]

The folder /wordpress/documents contains all .png files uploaded by user. To dispaly file to user, the url is http://SOMEIP/wordpress/web/viewer.php?name=filename.png?1424355387. Here time() is appended with filename.

documents folder has permission set 755 and when anyone directly access, it thorws Forbidden exception. But when I directly access file using http://SOMEIP/wordpress/documents/filename.png, its simply showing the image on the page.

Another .htacess inside documents folder contains following code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?SOMEIP [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www.)?SOMEIP .*$ [NC] 
RewriteRule .(gif|jpg|png)$ denied.php [L]

Where denied.php is the file showing Access denied message. I want to prevent the image showing as http://someip/wordpress/documents/sample.png directly in the URL bar and the rule is not working.

Read more here: How to view a file, but prevent direct URL access?


If you know the solution of this issue, please leave us a reply in Comment section, to update the question.

Wordpress related questions and answers: