Ben Mack Ben Mack - 1 month ago 10x
CSS Question

Block direct access to js, css file but allow access from index.html?

This is my directory look like:

  • index.html

  • data.js

  • .htaccess

Content in index.html:

<script src="data.js" />

My problem is:

  • I don't want user to see my
    by direct link like

  • But
    still allow access from

I tried in .htaccess like:

deny from all


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg|css|js|png)$ - [F]

But it alway block access from index.html too.



My tips are easily bypassed, but without be careful, we can be trapped.

Only live view of the page

You can replace or remove script tag with javascript for hide this in live view of the page. But if you watch directly the network, you can see easily the javascript file/code.

<div id="RemoveMe0">
    <script type="text/javascript">
        //This code it is hidden to live view.
        var my_var = 5 + 5;

        //or document.getElementById("RemoveMe0").innerHTML = "";

For include javascript :

<div id="RemoveMe1">
    <script type="text/javascript" src="Javascript/MyJS.js"></script>
        //Your include it is hidden to live view.

Only direct view

Put your files in an HTML file (myfile.js to myfile.html), like this on a direct view you can execute a javascript function.

function Hello() {
//<script>document.body.innerHTML = "";</script>

Or if you don't want to rename your file, you can to use .htaccess file to modify file header.

AddType text/html .js

Or minize/parse your JS

You can use tool like this :