Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to enable Hotlink Protection, but allow images in eBay auction?

Discussion in 'General Discussion' started by sneader, Jun 10, 2010.

  1. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    This should be easy, but I'm stumped.

    Customer would like to prevent people from hotlinking to his images (easy enough to enable in cPanel), however, eBay should still be able to hotlink, so that his self-hosted images show up in the actual eBay auction.

    We have tried to add http://cgi.ebay.com and also the full URL to the auction, http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT but the server still denies access to the images.

    There is no explanation or examples given in cPanel for the "URLs to allow access" feature.

    The "Help" feature of cPanel says:

    However, there is no "Allowed Domains" field! I'm guessing the help file is old and needs updating.

    Help?

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,235
    Likes Received:
    384
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The box is there, or should be. Two things come to mind, something blocking the code from showing the box in your browser, custom theme?
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    So where exactly on your screen shot, does it say "Allowed Domains" ?

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,235
    Likes Received:
    384
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Is this a bug report for a typo? Sorry I must have not understood your post.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Perhaps a little of both.

    I do not understand how to use the feature, so I could use some help with it.

    I tried to use the online help, but it mentions a field called "Allowed domains" and this field does not exist. There is a field called "URLs to allow access", but as you know, a URL is not a domain.

    I guess if you can help to explain how to use the feature to solve the problem (block direct hot-linking of images, except to allow eBay to link to them), I can always ask cPanel to fix the documentation later.

    Thanks for your assistance.

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,235
    Likes Received:
    384
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Just guessing here, but right click the image you're displaying at eBay, check the properties and path to the image you're using.
    Checking several random items I get these domains here on my end:
    i.ebayimg.com/ thumbs3.ebaystatic.com

    As for the typo, there's a link at top right corner of the forums called Bugs you might like to use to alert cPanel to that.

    HTH
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    If I go to the auction, then right click one of the self-hosted images and choose "View Image Info" (in Firefox), it displays our server's URL. i.e.

    http://www.example.com/ebay/item1.jpg

    Maybe I should back up a bit. Do you know how the "URLs to allow access" feature works? What is cPanel expecting that you put in there?

    If we want to authorize eBay to "hotlink" to the images, and the auction is at http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT then what should we put in "URLs to allow access"?

    http://cgi.ebay.com ?
    http://cgi.ebay.com/ws/ ?
    http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT
    Or something else?
    Or maybe it's not possible?

    There are no examples given, on the config page, or in the help file, or on the cPanel documentation/wiki site.

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,216
    Likes Received:
    10
    Trophy Points:
    313
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Basically, this works on the basis of "if the page requesting this image has the following in its URL, then allow it." So allowing http://cgi.example.com would allow http://cgi.example.com/index.html but not example.com.

    This allows you to be very general or very specific with regards to the URLs you want to permit access to displaying your image(s).
     
  9. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

    Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

    Thanks David!

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,216
    Likes Received:
    10
    Trophy Points:
    313
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    This functionality works on the basis of .htaccess files. The .htaccess file being modified is the one in public_html. You should see something like:

    Code:
    RewriteCond %{HTTP_REFERER} !^http://cgi.example.com/.*$      [NC]
    RewriteCond %{HTTP_REFERER} !^http://cgi.example.com$      [NC]
    RewriteRule .*\.(.*.*)$ - [F,NC]
    If you have configured your web browser to not send the HTTP_REFERER header, then this condition will fail and you will be prevented from looking at the image.

    First, I'd ensure that the above RewriteCond and RewriteRule lines exist. If not, ensure that hotlink protection is enabled.

    If the lines do exist, ensure that the referring URL begins with the address(es) entered. After that, you may want to contact our technical analysts for a more in-depth analysis of the situation.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice