Hi, I haven't found the full answer to my current problem.

Here is the root of the site:

  • cache
  • img
  • display.php
  • admin.php

What I need is to block all direct access to the files and only allow access via URLs formatted like this:

1 ht*p://sub.domain.com/image/param/size/folder/img.jpg (param, size, folder, img are parameters)
2 ht*p://sub.domain.com/action/param1/param2/ (param1, param2 are parameters)

1 would point to display.php with the correct parameters
2 would point to admin.php with the correct parameters
Every other access must be 404 (at best) or 403

My rules are (the .htaccess is in ht*p://sub.domain.com/):

RewriteRule ^image/([^/]+)/([0-9]+)/([^/]+)/([^/]+)\.jpg display.php?param=$1&size=$2&folder=$3&img=$4 [L]
RewriteRule ^action/([^/]+)/([^/]+) admin.php?action=$1&param=$2 [L]

Those rules work as I want, but I am stuck on how to block any access that does not come from those URLs!

Also (as a bonus) I would like to be able to use the same .htaccess on different web addresses without having to change this file.

Thanks in advance

A: 

Have you tried moving the images out of the public folder and using PHP to call the image in?

For the PHP files you can use the switch statement (http://www.php.net/switch).

For the admin.php file you can do something like:

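// Read the action; a missing parameter becomes '' and falls through to the default case
$get_action = isset($_GET['action']) ? $_GET['action'] : '';

switch ($get_action) {
    case "edit":
    case "view":
    case "delete":
    case "add":
        // Known action: continue loading the page
        break;
    default:
        // Anything not on the allowlist is rejected
        header('HTTP/1.1 403 Forbidden');
        die();
}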

Note: I don't know how your code looks or works, but you can get an idea based on the code I added.

redhatlab
A: 

redhatlab -> moving the images won't block access to the PHP files.

Christian -> Could work, but how can I do that? And won't it block the call to the PHP file?

Ben -> my aim is to have a link that looks like a real image link and hides all the processing of resize/thumb/etc...

SeaO
Check my answer again; I added some code to it.
redhatlab
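
For the question's goal of serving only the two rewritten URL forms and refusing everything else, one default-deny .htaccess layout is sketched here as an added example (not code from the thread). It assumes Apache mod_rewrite in per-directory context and that display.php reads image files from disk rather than over HTTP; the trailing `$` and `/?$` anchors are additions to the asker's patterns.

```apache
RewriteEngine On

# Pass 2: after an internal rewrite Apache re-runs these rules on the new
# path (display.php / admin.php) and sets REDIRECT_STATUS. A request that
# comes straight from a client never has it, and a client cannot set it.
RewriteCond %{ENV:REDIRECT_STATUS} !^$
RewriteRule ^ - [L]

# Pass 1: the only two public URL shapes (patterns from the question,
# anchored at the end so extra trailing path segments do not match).
RewriteRule ^image/([^/]+)/([0-9]+)/([^/]+)/([^/]+)\.jpg$ display.php?param=$1&size=$2&folder=$3&img=$4 [L]
RewriteRule ^action/([^/]+)/([^/]+)/?$ admin.php?action=$1&param=$2 [L]

# Default deny: direct hits on display.php, admin.php, img/, cache/ and
# any other path end here with a 404. Use [F] instead for a 403.
RewriteRule ^ - [R=404,L]
```

The rules contain no hostname, so the file does not need editing when it is deployed under a different address. The PHP scripts should still validate their parameters, as in the switch-based allowlist above, because the rewrite patterns accept any non-slash characters.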