The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Question about hotlinking and direct requests

Discussion in 'Security' started by PWSowner, Aug 4, 2004.

  1. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    I'm not a new user, but this question fits best here, so here goes. ;)

    In the hotlink section of cpanel, there is a check box to "Allow direct requests". I have a client who is using the hotlink protection and has an unusual situation that I can't figure out. She has hotlinking set up and the box was unchecked. She had no problem viewing the site. I had no problems, and neither did most others, but one person went to the site and couldn't see any of the images on her site. He tried different browsers and ISP's and couldn't see the images. I suggested checking that box and it fixed the problem. Now for the question. Why?

    Here's the page that started it all:
    http://www.celticbug.com/Campbell/Clan.html

    Why would not allowing direct requests stop some from getting the images?
     
  2. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    err.. never come across anything like this .. but sure will like to know. nothing just logical is there in it :(
     
  3. FriedEgg

    FriedEgg Active Member

    Joined:
    Sep 27, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Washington, DC
    I can't say with certainty, but I suspect the difference is how it handles blank/empty referer fields.

    For example, most people will load images from example.com and send the referer of http://www.example.com/. A direct request, though, would have an empty referer. (And a hotlink would have the domain name of a third party).

    If this user is perhaps using a firewall product with extra privacy features that strip out referers (they're optional), then they wouldn't see the images without the direct requests being allowed. This would also explain why different browsers didn't work. You could check the access log for this user's ip to see what referer they're sending.
     
  4. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    You can say with certainty now. :) That explains it. I did notice in the logs that he was getting 403 errors and they had no referrer. I never thought about the idea of the no referrer being the cause. Instead, I was trying to figure out why there was no referrer.

    Thanks
     
Loading...

Share This Page