WordPress Toolkit hotlink protection doesn't work

Operating System & Version
CloudLinux 7.9.0
cPanel & WHM Version
100.0.4

docw

Member
Aug 31, 2019
20
4
3
4&Xv>q7cC%[email protected]=Q
cPanel Access Level
Root Administrator
This is a follow-up on this post:

The issue is that the hotlink protection in Toolkit doesn't work for me at all. I have been able to reproduce this issue on multiple servers. This particular example is for a CloudLinux 7.9.0 server running cPanel 100.0.4. The WordPress instance was installed via Toolkit and no changes have been made since it was installed.

When I toggle Enable hotlink protection I get confirmation that hotlink protection is enabled (see image toolkit-hotlink-settings.png). I think enabling the feature is supposed to add the same directives to the website's .htaccess file as cPanel's Hotlink Protection feature adds. If so, the file is not updated.

When I next check the Hotlink Protection page in cPanel is shows that hotlink protection is disabled (see cpanel-hotlink-settings.png).

If I enable hotlink protection in cPanel the .htaccess file is updated correctly:

Code:
# cat ~example/public_html/.htaccess
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://example.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
And if I then disable hotlink protection in Toolkit nothing changes. The hotlink protection rules are still showing in the .htaccess file, and cPanel's Hotlink Protection page still shows that hotlink protection is enabled.

So, at no point does the hotlink protection option in Toolkit do anything, and it never syncs hotlink protection settings with cPanel's Hotlink Protection interface.
 

Attachments