How to enable Hotlink Protection, but allow images in eBay auction?

sneader · Jun 10, 2010

This should be easy, but I'm stumped.

Customer would like to prevent people from hotlinking to his images (easy enough to enable in cPanel), however, eBay should still be able to hotlink, so that his self-hosted images show up in the actual eBay auction.

We have tried to add http://cgi.ebay.com and also the full URL to the auction, http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT but the server still denies access to the images.

There is no explanation or examples given in cPanel for the "URLs to allow access" feature.

The "Help" feature of cPanel says:

You can add or remove the domains that can access all your files by typing in the field beneath Allowed Domains.
Click to expand...

However, there is no "Allowed Domains" field! I'm guessing the help file is old and needs updating.

Help?

- Scott

Infopro · Jun 11, 2010

The box is there, or should be. Two things come to mind, something blocking the code from showing the box in your browser, custom theme?

sneader · Jun 11, 2010

So where exactly on your screen shot, does it say "Allowed Domains" ?

- Scott

Infopro · Jun 11, 2010

sneader said: ↑

So where exactly on your screen shot, does it say "Allowed Domains" ?

- Scott
Click to expand...

Is this a bug report for a typo? Sorry I must have not understood your post.

sneader · Jun 12, 2010

Infopro said: ↑

Is this a bug report for a typo? Sorry I must have not understood your post.
Click to expand...

Perhaps a little of both.

I do not understand how to use the feature, so I could use some help with it.

I tried to use the online help, but it mentions a field called "Allowed domains" and this field does not exist. There is a field called "URLs to allow access", but as you know, a URL is not a domain.

I guess if you can help to explain how to use the feature to solve the problem (block direct hot-linking of images, except to allow eBay to link to them), I can always ask cPanel to fix the documentation later.

Thanks for your assistance.

- Scott

Infopro · Jun 12, 2010

Just guessing here, but right click the image you're displaying at eBay, check the properties and path to the image you're using.
Checking several random items I get these domains here on my end:
i.ebayimg.com/ thumbs3.ebaystatic.com

As for the typo, there's a link at top right corner of the forums called Bugs you might like to use to alert cPanel to that.

HTH

sneader · Jun 13, 2010

If I go to the auction, then right click one of the self-hosted images and choose "View Image Info" (in Firefox), it displays our server's URL. i.e.

http://www.example.com/ebay/item1.jpg

Maybe I should back up a bit. Do you know how the "URLs to allow access" feature works? What is cPanel expecting that you put in there?

If we want to authorize eBay to "hotlink" to the images, and the auction is at http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT then what should we put in "URLs to allow access"?

http://cgi.ebay.com ?
http://cgi.ebay.com/ws/ ?
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT
Or something else?
Or maybe it's not possible?

There are no examples given, on the config page, or in the help file, or on the cPanel documentation/wiki site.

- Scott

cPanelDavidG · Jun 14, 2010

Basically, this works on the basis of "if the page requesting this image has the following in its URL, then allow it." So allowing http://cgi.example.com would allow http://cgi.example.com/index.html but not example.com.

This allows you to be very general or very specific with regards to the URLs you want to permit access to displaying your image(s).

sneader · Jun 14, 2010

cPanelDavidG said: ↑

Basically, this works on the basis of "if the page requesting this image has the following in its URL, then allow it." So allowing http://cgi.example.com would allow http://cgi.example.com/index.html but not example.com.
Click to expand...

Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

Thanks David!

- Scott

cPanelDavidG · Jun 15, 2010

sneader said: ↑

Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

Thanks David!

- Scott
Click to expand...

This functionality works on the basis of .htaccess files. The .htaccess file being modified is the one in public_html. You should see something like:
Code:
RewriteCond %{HTTP_REFERER} !^http://cgi.example.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://cgi.example.com$      [NC]
RewriteRule .*\.(.*.*)$ - [F,NC]
If you have configured your web browser to not send the HTTP_REFERER header, then this condition will fail and you will be prevented from looking at the image.

First, I'd ensure that the above RewriteCond and RewriteRule lines exist. If not, ensure that hotlink protection is enabled.

If the lines do exist, ensure that the referring URL begins with the address(es) entered. After that, you may want to contact our technical analysts for a more in-depth analysis of the situation.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to enable Hotlink Protection, but allow images in eBay auction?

sneader Well-Known Member

Infopro cPanel Sr. Product Evangelist
Staff Member

Attached Files:

htlnkallwaccss.jpg

sneader Well-Known Member

Infopro cPanel Sr. Product Evangelist
Staff Member

sneader Well-Known Member

Infopro cPanel Sr. Product Evangelist
Staff Member

sneader Well-Known Member

cPanelDavidG Technical Product Specialist

sneader Well-Known Member

cPanelDavidG Technical Product Specialist

How to enable IP/~userName/

Enable account login notifications by default

mod_http2 enabled but it is not working

LiveAPI trick so feature is enabled

Check if AutoSSL is enabled

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to enable Hotlink Protection, but allow images in eBay auction?

sneader Well-Known Member

Infopro cPanel Sr. Product Evangelist Staff Member

Attached Files:

htlnkallwaccss.jpg

sneader Well-Known Member

Infopro cPanel Sr. Product Evangelist Staff Member

sneader Well-Known Member

Infopro cPanel Sr. Product Evangelist Staff Member

sneader Well-Known Member

cPanelDavidG Technical Product Specialist

sneader Well-Known Member

cPanelDavidG Technical Product Specialist

How to enable IP/~userName/

Enable account login notifications by default

mod_http2 enabled but it is not working

LiveAPI trick so feature is enabled

Check if AutoSSL is enabled

Share This Page

Infopro cPanel Sr. Product Evangelist
Staff Member

Infopro cPanel Sr. Product Evangelist
Staff Member

Infopro cPanel Sr. Product Evangelist
Staff Member