skip to Main Content

I want to access the image folder which is located in (e.g "example.com/images/one.jpg").
I have created the subdomain named (e.g "subdomain.example.com").
Both domain folders are in same public_html.
How i can authoize my subdomain, which can access files using htaccess rules or anything else. i tired this "../../" before file name, but not working.

Note: i dont want to put a whole path to access the files from root domain, such as https://……

Thanks

3

Answers


  1. Browsers deal in URLs, not the paths on your filesystem.

    It sounds like you have configured your server so that the images are only available on example.com and are not available on subdomain.example.com.

    You therefore need to tell the browser to access the images from the other hostname.

    src="//example.com/images/one.jpg"
    
    Login or Signup to reply.
  2. If you have a domain.com and sub.domain.com, these are two completely different paths. You cannot get data from each other using reference as path like '../images/foo.png'.

    In this case, you have to put all the path https://www.sub.domain.com/images/foo.png. This is the same way you need to do when uses a subdomain as resource in order to decrease the number of request in your website for images and sources in general.

    Login or Signup to reply.
  3. I did a little bit of server configuration in the .htaccess file. I write the rule that no image can be publicly accessible. but I want to authorize my subdomain which can access the image URL.
    :
    Note: both domains are in the same public_html directory

    You would seem to require an exception for the subdomain and block other hostnames?

    It’s a bit of a guess how you are currently doing this – either with mod_authz_core and a <FilesMatch> container perhaps? Or using mod_rewrite? Or an Apache <If> expression??

    You could do something like the following using mod_rewrite, near the top of the root .htaccess file to block access to all images, except when accessed via the subdomain.

    RewriteEngine On
    
    # Block (403 Forbidden) all image requests unless accessed through the subdomain
    RewriteCond %{HTTP_HOST} !^subdomain.example.com
    RewriteRule .(jpe?g|png|webp|gif)$ - [F]
    

    Now, a request of the form https://example.com/images/one.jpg will be blocked, but https://subdomain.example.com/images/one.jpg will be accessible.

    i dont want to put a whole path to access the files from root domain

    But you will need to use an absolute (or protocol-relative) URL to access the files from the subdomain.


    UPDATE:

    Current rules in my parent domain "example.com"

    RewriteCond %{HTTP_REFERER} !^https://example.com/ [NC]
    RewriteRule .(gif|jpg|jpeg|png|mp4|mov|mkv|flv|svg)$ - [F,L]
    
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    

    Ah, so you’ve implemented a form of hotlink protection! In that case you would seem to just need to modify the first condition to allow requests from the subdomain as well. For example:

    RewriteCond %{HTTP_REFERER} !^https://(subdomain.)?example.com/
    

    To allow requests from both example.com and subdomain.example.com. The NC flag should be omitted. All browsers will lowercase the hostname in the request.

    No other rules are required to "allow" access. You do not need to use the absolute URL to access these resources – since that does not appear to be what you are blocking. You simply need to be able to access these resources from another host (ie. the subdomain).

    In summary:

    RewriteEngine On
    
    # Hotlink protection
    RewriteCond %{HTTP_REFERER} !^https://(subdomain.)?example.com/
    RewriteRule .(gif|jpg|jpeg|png|mp4|mov|mkv|flv|svg)$ - [F]
    
    # HTTP to HTTPS redirect
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    

    The L flag is not required with the F flag, since it is implied.

    The ^(.*)$ is unnecessary since the backreference is not being used. Simply having ^ is sufficient and more efficient – to be successful for everything without having to actually match everything.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search