htaccess - block hotlinking

[dogmeat]

There's some images on my server that I don't want people to hotlink to. I've been looking into using htaccess to do it, which I know works, but I don't know how. I've found a site that gives examples, but they won't work on my server for some reason. I've tried finding explainations behind the syntax, but I'm not having much luck. The server runs Apache. Here are the examples. I have a feeling that the "(www\.)" portion is the problem, but the variations I've tried don't work. It's pretty hard to code when you don't understand the syntax.

Code: Select all

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

[battye]

Code: Select all

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite\.net/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ imagesdir/file.jpg [L]

Have you tried that?

[Vladd44]

but dogmeat,

letting them hotlink and changing the images to something else is sooo much more fun....

example.....

http://www.freewebs.com/teenplanethelp/ ... urrcms.htm

His bitchass should have hosted the images himself. But im glad he didnt.



but for a well laid out explanation .... http://www.clockwatchers.com/htaccess_images.html

[quicksilver]

I have to say that is a great idea Vladd , stealing items and bandwidth from other peoples sites is a nasty lazy trick , hope no bushes where hurt
in the making of that pic

[Vladd44]

and since this particular one is on a free host, it wouldnt be difficult to put images that would guarantee a termination of site. Makes you vulnerable.

[dogmeat]

Code: Select all

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite\.net/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ imagesdir/file.jpg [L]

Have you tried that?

That won't work. People trying to view images referred by my webpages get error 500. I'm trying to block other referrers.

Wouldn't the fact that my webserver does not have "www" in the begining of the URL have any difference with the second line?

[battye]

Code: Select all

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite\.net/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ imagesdir/file.jpg [L]

Have you tried that?

That won't work. People trying to view images referred by my webpages get error 500. I'm trying to block other referrers.

Wouldn't the fact that my webserver does not have "www" in the begining of the URL have any difference with the second line?

Good point, try replacing

Code: Select all

http://(www\.)?steve.offwhite\.net/

with

Code: Select all

http://steve.offwhite\.net/

[nesman]

Vladd, that's great stuff. I can't believe that he(?) hasn't caught onto that yet.

Good luck, Dog.

Just curious. Have you had problems with hotlinking, or is this just an ounce of prevention?

[Vladd44]

yes the www would be an issue, essentially its treated like a subdomain.

And nes, yes from time to time i have had people do it, and I enjoy every single time.

[dogmeat]

Vladd, that's great stuff. I can't believe that he(?) hasn't caught onto that yet.

Good luck, Dog.

Just curious. Have you had problems with hotlinking, or is this just an ounce of prevention?

I don't want people linking to the Olbrich Gardens photos without actually viewing my website. Hopefully this will decrease the chances of people violating the Olbrich Gardens rules of photograhy with my work. I'd like to avoid a Small Claims Court appearance if at all possible.

I've also been on a security kick lately. I've been reviewing referrers and I didn't like what I saw. Somehow my website was getting hits from Adult Friend Finder and a swingers site. I put an end to that.

[Rat]

I finally took the trouble to look at dogmeat's photos because of this thread. It was something I'd been meaning to do for some time as I'm also 'into' photography. The site is well worth a visit.

Nice work Dogmeat.
Brilliant!

[Red XIII]

Photo hotlinking used to be a problem of this other forum I was on, I can't remember what the admin did to prevent it from happening again, but I think I could go home and ask him today

[KM]

rather than messing about with htaccess, why not simply use a php script to load the images through instead of loading them directly?

rather than loading the image from "whatever.jpg" use "images.php?img=whatever" - then you can put the images somewhere either not accessable, or in a folder with a name nobody would guess - so the image could only be loaded via the php script

then just use a php script something along the lines of:

Code: Select all

<?
$image = $_GET['img'];
if ($image && file_exists("secretfolder/$image.jpg") && stristr($_SERVER['HTTP_REFERER'], "steve.offwhite.net"))
{
   header('Content-type: image/jpeg');
   echo file_get_contents("secretfolder/$image.jpg");
}
else
{
   header("Location: http://www.steve.offwhite.net/no.jpg");
}
?>

that should work, but i havent tested it just typed it out here... you'd of course want to have some kind of security (like not letting them use ?img=../../something) - but something simmilar to that would be a possible solution