Jump to content
xisto Community
itssami

How To Protect Css File From Public?

Recommended Posts

i want to include a css file in a webpage , but i want to to keep it somewhere where people can not access it.for example ,if i keep a css file in, domain.com/somefolder/cssfile.css , then anyone can access it.. because in page dource there is that css file url.. i want that even when someone save the page , he can not have access to my css file.. is it possible ?? thanks

Share this post


Link to post
Share on other sites

You cannot keep it somewhere where people cannot access the stylesheet. The html file you've coded have linked to the stylesheet. Hence whenever your visitor visits your site, the stylesheet is also downloaded together with the html file, images, sounds etc. The alternative to protect your stylesheet is to encrypt it in such a way only your html is able to understand. Humans, like us, will not be able to understand the stylesheet codings even if they've got the exact stylesheet file.

 

A little search on google gave a nice software that is able to encrypt your stylesheets as well as your html files and javascripts.

http://www.htmlguardian.org/help_main.html

 

As stated on the webpage,

nearly 90% of the webmasters who want to encrypt html code, protect ASP, Javscript, VBScript, PHP files or style sheets, hide html source from thieves, need extremely secure html password protection or an enhanced image protection use HTML Guardian.

 


Fortunately there's a fully functional free Personal Edition for download and use. You may like to try that out.

Share this post


Link to post
Share on other sites

You can use HotLink Protection for your style and css files
i use HotLink Protection for my images in my site
you can find HotLink Protection in cpanel
HotLink Protection is in Cpanel , at first login in cpanel and click at Leech Protect , then type your style or css or image url . <_< thants all
look at note of HotLink Protection ::

HotLink protection prevents other websites from directly linking to files (as specified below) on your website. Other sites will still be able to link to any file type that you don't specify below (ie. html files). An example of hotlinking would be using a <img> tag to display an image from your site from somewhere else on the net. The end result is that the other site is stealing your bandwidth. You should ensure that all sites that you wish to allow direct links from are in the list below. This system attempts add all sites it knows you own to the list, however you may need to add others.

Edited by farsiscript (see edit history)

Share this post


Link to post
Share on other sites

Hotlink protection will only stop others from accessing the file from another server or another Domain. The way Hotlinking works is to stop others from using the file from your account on your server to style their page on their site. Or from using your Bandwidth to display an image from your account on their page.As Inspiron pointed out, the css file must be accessible to be sent along with the html, so Hotlink protection will not be good in this instance. And I believe that if you move the css file above the public_html folder, it would not be served with the pages, either, leaving the encryption method as the correct alternative.On the other hand, what's the big deal about letting others see you css? Are there State secrets stored in there? Matters of National Security? Letting people see the css file is not a big deal.

Share this post


Link to post
Share on other sites

Since hotlinking is already mentioned the manual (and slightly cleaner) way to do it is to add the following to your .htaccess file:

RewriteEngine onRewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]RewriteRule \.css$ - [NC,F,L]
If someone tries to navigate directly to your .css file it'll send them to the 403 forbidden page instead.
However, there are two problems with this approach. 1) It's very easy to fake the referer, and so it's quite easy to circumvent. 2) The .css files are downloaded to and interpreted on the user's local computer like .html files. That means that each and every person who looks at your html page will have your css page on their computer, at least for a little. However, both of these workarounds probably won't occur to the average user, so you can still block most people from seeing it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.