How to enable Hotlink Protection, but allow images in eBay auction?

sneader

Well-Known Member
Aug 21, 2003
1,183
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
This should be easy, but I'm stumped.

Customer would like to prevent people from hotlinking to his images (easy enough to enable in cPanel), however, eBay should still be able to hotlink, so that his self-hosted images show up in the actual eBay auction.

We have tried to add http://cgi.ebay.com and also the full URL to the auction, http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT but the server still denies access to the images.

There is no explanation or examples given in cPanel for the "URLs to allow access" feature.

The "Help" feature of cPanel says:

You can add or remove the domains that can access all your files by typing in the field beneath Allowed Domains.
However, there is no "Allowed Domains" field! I'm guessing the help file is old and needs updating.

Help?

- Scott
 

sneader

Well-Known Member
Aug 21, 2003
1,183
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Is this a bug report for a typo? Sorry I must have not understood your post.
Perhaps a little of both.

I do not understand how to use the feature, so I could use some help with it.

I tried to use the online help, but it mentions a field called "Allowed domains" and this field does not exist. There is a field called "URLs to allow access", but as you know, a URL is not a domain.

I guess if you can help to explain how to use the feature to solve the problem (block direct hot-linking of images, except to allow eBay to link to them), I can always ask cPanel to fix the documentation later.

Thanks for your assistance.

- Scott
 

Infopro

Well-Known Member
May 20, 2003
17,113
511
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Just guessing here, but right click the image you're displaying at eBay, check the properties and path to the image you're using.
Checking several random items I get these domains here on my end:
i.ebayimg.com/ thumbs3.ebaystatic.com

As for the typo, there's a link at top right corner of the forums called Bugs you might like to use to alert cPanel to that.

HTH
 

sneader

Well-Known Member
Aug 21, 2003
1,183
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
If I go to the auction, then right click one of the self-hosted images and choose "View Image Info" (in Firefox), it displays our server's URL. i.e.

http://www.example.com/ebay/item1.jpg

Maybe I should back up a bit. Do you know how the "URLs to allow access" feature works? What is cPanel expecting that you put in there?

If we want to authorize eBay to "hotlink" to the images, and the auction is at http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT then what should we put in "URLs to allow access"?

http://cgi.ebay.com ?
http://cgi.ebay.com/ws/ ?
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=123123123123&ssPageName=STRK:MESELX:IT
Or something else?
Or maybe it's not possible?

There are no examples given, on the config page, or in the help file, or on the cPanel documentation/wiki site.

- Scott
 

sneader

Well-Known Member
Aug 21, 2003
1,183
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Basically, this works on the basis of "if the page requesting this image has the following in its URL, then allow it." So allowing http://cgi.example.com would allow http://cgi.example.com/index.html but not example.com.
Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

Thanks David!

- Scott
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
12
313
Houston, TX
cPanel Access Level
Root Administrator
Sadly, it's definitely not working when we put in http://cgi.example.com. Is this something you'd want a tech to look at via a ticket?

Regarding the help file for Hotlink Protection being old and referencing fields that don't exist anymore, should I also open a bug ticket for that?

Thanks David!

- Scott
This functionality works on the basis of .htaccess files. The .htaccess file being modified is the one in public_html. You should see something like:

Code:
RewriteCond %{HTTP_REFERER} !^http://cgi.example.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://cgi.example.com$      [NC]
RewriteRule .*\.(.*.*)$ - [F,NC]
If you have configured your web browser to not send the HTTP_REFERER header, then this condition will fail and you will be prevented from looking at the image.

First, I'd ensure that the above RewriteCond and RewriteRule lines exist. If not, ensure that hotlink protection is enabled.

If the lines do exist, ensure that the referring URL begins with the address(es) entered. After that, you may want to contact our technical analysts for a more in-depth analysis of the situation.