The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to enable Hotlink Protection, but allow images in eBay auction?

Discussion in 'General Discussion' started by sneader, Jun 10, 2010.

  1. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    This should be easy, but I'm stumped.

    Customer would like to prevent people from hotlinking to his images (easy enough to enable in cPanel), however, eBay should still be able to hotlink, so that his self-hosted images show up in the actual eBay auction.

    We have tried to add http://cgi.ebay.com and also the full URL to the auction, http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT but the server still denies access to the images.

    There is no explanation or examples given in cPanel for the "URLs to allow access" feature.

    The "Help" feature of cPanel says:

    However, there is no "Allowed Domains" field! I'm guessing the help file is old and needs updating.

    Help?

    - Scott
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The box is there, or should be. Two things come to mind, something blocking the code from showing the box in your browser, custom theme?
     

    Attached Files:

  3. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    So where exactly on your screen shot, does it say "Allowed Domains" ?

    - Scott
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Is this a bug report for a typo? Sorry I must have not understood your post.
     
  5. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Perhaps a little of both.

    I do not understand how to use the feature, so I could use some help with it.

    I tried to use the online help, but it mentions a field called "Allowed domains" and this field does not exist. There is a field called "URLs to allow access", but as you know, a URL is not a domain.

    I guess if you can help to explain how to use the feature to solve the problem (block direct hot-linking of images, except to allow eBay to link to them), I can always ask cPanel to fix the documentation later.

    Thanks for your assistance.

    - Scott
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Just guessing here, but right click the image you're displaying at eBay, check the properties and path to the image you're using.
    Checking several random items I get these domains here on my end:
    i.ebayimg.com/ thumbs3.ebaystatic.com

    As for the typo, there's a link at top right corner of the forums called Bugs you might like to use to alert cPanel to that.

    HTH
     
  7. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    If I go to the auction, then right click one of the self-hosted images and choose "View Image Info" (in Firefox), it displays our server's URL. i.e.

    http://www.example.com/ebay/item1.jpg

    Maybe I should back up a bit. Do you know how the "URLs to allow access" feature works? What is cPanel expecting that you put in there?

    If we want to authorize eBay to "hotlink" to the images, and the auction is at http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT then what should we put in "URLs to allow access"?

    http://cgi.ebay.com ?
    http://cgi.ebay.com/ws/ ?
    http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT
    Or something else?
    Or maybe it's not possible?

    There are no examples given, on the config page, or in the help file, or on the cPanel documentation/wiki site.

    - Scott
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Basically, this works on the basis of "if the page requesting this image has the following in its URL, then allow it." So allowing http://cgi.example.com would allow http://cgi.example.com/index.html but not example.com.

    This allows you to be very general or very specific with regards to the URLs you want to permit access to displaying your image(s).
     
  9. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

    Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

    Thanks David!

    - Scott
     
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    This functionality works on the basis of .htaccess files. The .htaccess file being modified is the one in public_html. You should see something like:

    Code:
    RewriteCond %{HTTP_REFERER} !^http://cgi.example.com/.*$      [NC]
    RewriteCond %{HTTP_REFERER} !^http://cgi.example.com$      [NC]
    RewriteRule .*\.(.*.*)$ - [F,NC]
    If you have configured your web browser to not send the HTTP_REFERER header, then this condition will fail and you will be prevented from looking at the image.

    First, I'd ensure that the above RewriteCond and RewriteRule lines exist. If not, ensure that hotlink protection is enabled.

    If the lines do exist, ensure that the referring URL begins with the address(es) entered. After that, you may want to contact our technical analysts for a more in-depth analysis of the situation.
     
Loading...

Share This Page