Hotlink protection feature interfering with .htaccess

skulluminati

Registered
Jul 29, 2011
4
0
51
I would like to use hotlink protection for a website I administer but allow facebook to pull images for link thumbnails. I've tried enabling hotlink protection and using different variations of the facebook url, maybe I'm not using the right one but it doesn't work for me.

What I want to do is disable hotlink protection in cPanel and use the following in .htaccess

Code:
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?facebook\.com [NC]
However cPanel almost immediately re-enables hotlink protection automatically trying to use my settings from .htaccess and the rewrite condition to allow facebook doesn't work.

Is there a way to block cPanel from handling hotlink protection so I can do this with .htaccess or a way I can properly add facebook to the list of allowed sites in cPanel?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
41
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
Rather than enabling hotlink protection in cPanel, simply disable it and revise .htaccess manually. I'm uncertain why cPanel would revise your .htaccess directly unless you have hotlinking enabled, and if you don't enable it, you should be able to add whatever entries you would like in .htaccess
 

skulluminati

Registered
Jul 29, 2011
4
0
51
Rather than enabling hotlink protection in cPanel, simply disable it and revise .htaccess manually. I'm uncertain why cPanel would revise your .htaccess directly unless you have hotlinking enabled, and if you don't enable it, you should be able to add whatever entries you would like in .htaccess
When I disable hotlink protection in cPanel and add the previously mentioned code snippet to .htaccess I go back to cPanel and find that hotlink protection is automatically re-enabled with the urls which I have added to .htaccess. the rewrite condition for facebook is included in the allow list as https?://(www\.)?facebook\.com and doesn't work. Disabling hotlink protection in cPanel and manually editing .htaccess is exactly what I've been trying to do. But manually editing .htaccess with these changes seems to automatically re-enable hotlink protection in .htaccess. No matter what I do cPanel seems to take over hotlink protection for me and it isn't working properly. What I need is a way to block cPanel from hijacking this functionality or I need the correct url to add to cPanel's allow list to allow facebook to pull thumbnails. I've tried Welcome to Facebook - Log In, Sign Up or Learn More, https://facebook.com, Welcome to Facebook - Log In, Sign Up or Learn More and https://www.facebook.com none of which allow facebook to pull the thumbnail images.
 

skulluminati

Registered
Jul 29, 2011
4
0
51
Okay I found the problem in .htaccess, what I needed was

RewriteCond %{HTTP_REFERER} .

To allow facebook since it doesn't have a referer. Problem solved.
 

Ed_alex

Registered
Oct 23, 2012
3
2
51
cPanel Access Level
Website Owner
Rather than enabling hotlink protection in cPanel, simply disable it and revise .htaccess manually. I'm uncertain why cPanel would revise your .htaccess directly unless you have hotlinking enabled, and if you don't enable it, you should be able to add whatever entries you would like in .htaccess
Unfortunately, enable and disable does not work. The broken cPanel HotLink Protection Tool is always on and you cannot turn it off since disable is also broken. Thank you.

Please see these threads
WordPress › Support » Broken cPanel HotLink Protection Tool - 404 errors, unable to edit files

WordPress › Support » bulletproof-security.0.47.5 not working
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
41
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
If you believe there is a bug, then please submit a bug report => http://go.cpanel.net/bugs

That is the accepted method for bug submission.

Thanks!