The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hotlink protection not working?

Discussion in 'General Discussion' started by DigiCrime, Jul 8, 2003.

  1. DigiCrime

    DigiCrime Well-Known Member

    Joined:
    Nov 27, 2002
    Messages:
    399
    Likes Received:
    0
    Trophy Points:
    16
    I use this for an upload script and allow specific domains to use this, otherwise my bandwidth and server gets some major rapage.

    This is my htaccess file




    --------------------------------------------------------------------------------

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://ensim_stlhosting.com.stlhosting.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://ksfba.org/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://midwest_stlhosting.com.stlhosting.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://mogmhp.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://mogmhp.com/forums/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://stlhosting.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://teamjackass.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://teamjackass.com/forums/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.ensim_stlhosting.com.stlhosting.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.ksfba.org/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.ksfba.org/forums/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.midwest_stlhosting.com.stlhosting.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.mogmhp.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.mogmhp.com/forums/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.stlhosting.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.teamjackass.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.teamjackass.com/forums/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.stlhosting.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.stlhosting.com/upload/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.stlhosting.com/upload/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://stlhosting.com/upload/.*$ [NC]
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://www.stlhosting.com/hotlink.html [R,NC]


    --------------------------------------------------------------------------------



    ive tried every combination I can think of, with / and without the / and the domains I have allowed which listed above, still show a red X when it comes to the images.... what am I missing here

    cPanel.net Support Ticket Number:
     
  2. Tim Greer

    Tim Greer Well-Known Member

    Joined:
    Aug 11, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    What you are missing, is the vital first check to even see if there's a referer in the first place:

    RewriteCond %{HTTP_REFERER} !^$

    That will stop checking if there's no referer field before moving on. The referer isn't carried in the variables in all browsers, but even more so, if you come from a bookmark or type it in and don't come from a link (or valid link) and you've effectively denied all people coming from search engines or to your main page from typing the address in their URL location bar. That will fix that. I also recommend using such regex's as:

    RewriteCond %{HTTP_REFERER} !^http://(www\.)?teamjackass\.com.* [NC]

    Note that this optionally allows for www.domain.com, it makes the .dots into actual dots (otherwise . means "any character other than a new line"). and I've removed the trailing forward slash from the end of the domain's URL (since IE and other browsers don't automatically resolve the domain to it's root directory if you type just domain.com). That will also help ensure that you don't get invalid matches that will fail to load the images.

    Keep in mind, that does open a way for other sites to add subdomains as yourdomain.com.theirdomain.com and link to your site, so you can just ignore any accesses that don't look legitimate:

    RewriteCond %{HTTP_REFERER} !^http://(www\.)?teamjackass\.com[^\.].* [NC]

    The [^\.] will only match URL's that don't have http://www.domain.com. (etc.), i.e., if the URL for the domain ends in a dot. Of course, people can still put in a referer as:

    http://www.yourdomain.com@theirdomain.com, so you will want to check against that too:

    RewriteCond %{HTTP_REFERER} !^http://(www\.)?teamjackass\.com[^\.@].* [NC]

    Of course, this is just examples, they are ideas and not meant to work, this is just off the top of my head. Of course, this is also all very trivial anyway, since the referer and be faked and people can just download the images anyway.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page