Hotlink protection feature interfering with .htaccess

[skulluminati]

I would like to use hotlink protection for a website I administer but allow facebook to pull images for link thumbnails. I've tried enabling hotlink protection and using different variations of the facebook url, maybe I'm not using the right one but it doesn't work for me.

What I want to do is disable hotlink protection in cPanel and use the following in .htaccess

RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?facebook\.com [NC]

However cPanel almost immediately re-enables hotlink protection automatically trying to use my settings from .htaccess and the rewrite condition to allow facebook doesn't work.

Is there a way to block cPanel from handling hotlink protection so I can do this with .htaccess or a way I can properly add facebook to the list of allowed sites in cPanel?

 

[cPanelTristan]

Rather than enabling hotlink protection in cPanel, simply disable it and revise .htaccess manually. I'm uncertain why cPanel would revise your .htaccess directly unless you have hotlinking enabled, and if you don't enable it, you should be able to add whatever entries you would like in .htaccess

 

[skulluminati]

Rather than enabling hotlink protection in cPanel, simply disable it and revise .htaccess manually. I'm uncertain why cPanel would revise your .htaccess directly unless you have hotlinking enabled, and if you don't enable it, you should be able to add whatever entries you would like in .htaccess

When I disable hotlink protection in cPanel and add the previously mentioned code snippet to .htaccess I go back to cPanel and find that hotlink protection is automatically re-enabled with the urls which I have added to .htaccess. the rewrite condition for facebook is included in the allow list as https?://(www\.)?facebook\.com and doesn't work. Disabling hotlink protection in cPanel and manually editing .htaccess is exactly what I've been trying to do. But manually editing .htaccess with these changes seems to automatically re-enable hotlink protection in .htaccess. No matter what I do cPanel seems to take over hotlink protection for me and it isn't working properly. What I need is a way to block cPanel from hijacking this functionality or I need the correct url to add to cPanel's allow list to allow facebook to pull thumbnails. I've tried Welcome to Facebook - Log In, Sign Up or Learn More, https://facebook.com, Welcome to Facebook - Log In, Sign Up or Learn More and https://www.facebook.com none of which allow facebook to pull the thumbnail images.

 

[skulluminati]

Okay I found the problem in .htaccess, what I needed was

RewriteCond %{HTTP_REFERER} .

To allow facebook since it doesn't have a referer. Problem solved.

 

[Ed_alex]

Rather than enabling hotlink protection in cPanel, simply disable it and revise .htaccess manually. I'm uncertain why cPanel would revise your .htaccess directly unless you have hotlinking enabled, and if you don't enable it, you should be able to add whatever entries you would like in .htaccess

Unfortunately, enable and disable does not work. The broken cPanel HotLink Protection Tool is always on and you cannot turn it off since disable is also broken. Thank you.

Please see these threads
WordPress › Support » Broken cPanel HotLink Protection Tool - 404 errors, unable to edit files

WordPress › Support » bulletproof-security.0.47.5 not working

 

[cPanelTristan]

If you believe there is a bug, then please submit a bug report => http://go.cpanel.net/bugs

That is the accepted method for bug submission.

Thanks!