How to enable Hotlink Protection, but allow images in eBay auction?

[sneader]

This should be easy, but I'm stumped.

Customer would like to prevent people from hotlinking to his images (easy enough to enable in cPanel), however, eBay should still be able to hotlink, so that his self-hosted images show up in the actual eBay auction.

We have tried to add http://cgi.ebay.com and also the full URL to the auction, http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT but the server still denies access to the images.

There is no explanation or examples given in cPanel for the "URLs to allow access" feature.

The "Help" feature of cPanel says:

You can add or remove the domains that can access all your files by typing in the field beneath Allowed Domains.

However, there is no "Allowed Domains" field! I'm guessing the help file is old and needs updating.

Help?

- Scott

 

[Infopro]

The box is there, or should be. Two things come to mind, something blocking the code from showing the box in your browser, custom theme?

 

[sneader]

So where exactly on your screen shot, does it say "Allowed Domains" ?

- Scott

 

[Infopro]

So where exactly on your screen shot, does it say "Allowed Domains" ?

- Scott

Is this a bug report for a typo? Sorry I must have not understood your post.

 

[sneader]

Is this a bug report for a typo? Sorry I must have not understood your post.

Perhaps a little of both.

I do not understand how to use the feature, so I could use some help with it.

I tried to use the online help, but it mentions a field called "Allowed domains" and this field does not exist. There is a field called "URLs to allow access", but as you know, a URL is not a domain.

I guess if you can help to explain how to use the feature to solve the problem (block direct hot-linking of images, except to allow eBay to link to them), I can always ask cPanel to fix the documentation later.

Thanks for your assistance.

- Scott

 

[Infopro]

Just guessing here, but right click the image you're displaying at eBay, check the properties and path to the image you're using.
Checking several random items I get these domains here on my end:
i.ebayimg.com/ thumbs3.ebaystatic.com

As for the typo, there's a link at top right corner of the forums called Bugs you might like to use to alert cPanel to that.

HTH

 

[sneader]

If I go to the auction, then right click one of the self-hosted images and choose "View Image Info" (in Firefox), it displays our server's URL. i.e.

http://www.example.com/ebay/item1.jpg

Maybe I should back up a bit. Do you know how the "URLs to allow access" feature works? What is cPanel expecting that you put in there?

If we want to authorize eBay to "hotlink" to the images, and the auction is at http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT then what should we put in "URLs to allow access"?

http://cgi.ebay.com ?
http://cgi.ebay.com/ws/ ?
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT
Or something else?
Or maybe it's not possible?

There are no examples given, on the config page, or in the help file, or on the cPanel documentation/wiki site.

- Scott

 

[cPanelDavidG]

Basically, this works on the basis of "if the page requesting this image has the following in its URL, then allow it." So allowing http://cgi.example.com would allow http://cgi.example.com/index.html but not example.com.

This allows you to be very general or very specific with regards to the URLs you want to permit access to displaying your image(s).

 

[sneader]

Basically, this works on the basis of "if the page requesting this image has the following in its URL, then allow it." So allowing http://cgi.example.com would allow http://cgi.example.com/index.html but not example.com.

Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

Thanks David!

- Scott

 

[cPanelDavidG]

Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

Thanks David!

- Scott

This functionality works on the basis of .htaccess files. The .htaccess file being modified is the one in public_html. You should see something like:

RewriteCond %{HTTP_REFERER} !^http://cgi.example.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://cgi.example.com$      [NC]
RewriteRule .*\.(.*.*)$ - [F,NC]

If you have configured your web browser to not send the HTTP_REFERER header, then this condition will fail and you will be prevented from looking at the image.

First, I'd ensure that the above RewriteCond and RewriteRule lines exist. If not, ensure that hotlink protection is enabled.

If the lines do exist, ensure that the referring URL begins with the address(es) entered. After that, you may want to contact our technical analysts for a more in-depth analysis of the situation.