
htaccess - block hotlinking

Posted: Sun Jan 09, 2005 5:17 am
by dogmeat
There are some images on my server that I don't want people to hotlink to. I've been looking into using htaccess to do it, which I know works, but I don't know how. I've found a site that gives examples, but they won't work on my server for some reason. I've tried finding explanations behind the syntax, but I'm not having much luck. The server runs Apache. Here are the examples. I have a feeling that the "(www\.)" portion is the problem, but the variations I've tried don't work. It's pretty hard to code when you don't understand the syntax.

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite.net(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg)$ http://steve.offwhite.net/no.jpg [R,NC]

Re: htaccess - block hotlinking

Posted: Sun Jan 09, 2005 10:26 am
by battye

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite\.net/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ imagesdir/file.jpg [L]
Have you tried that?

Posted: Sun Jan 09, 2005 2:58 pm
by Vladd44
but dogmeat,

letting them hotlink and changing the images to something else is sooo much more fun....

example.....

http://www.freewebs.com/teenplanethelp/ ... urrcms.htm

His bitchass should have hosted the images himself. But I'm glad he didn't.

\:D/

but for a well laid out explanation .... http://www.clockwatchers.com/htaccess_images.html

Posted: Sun Jan 09, 2005 3:12 pm
by quicksilver
:lol: I have to say that is a great idea Vladd, stealing items and bandwidth from other people's sites is a nasty lazy trick, hope no bushes were hurt in the making of that pic :D

Posted: Sun Jan 09, 2005 3:39 pm
by Vladd44
and since this particular one is on a free host, it wouldn't be difficult to put images that would guarantee a termination of site. Makes you vulnerable.

Re: htaccess - block hotlinking

Posted: Sun Jan 09, 2005 4:43 pm
by dogmeat
battye wrote:

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite\.net/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ imagesdir/file.jpg [L]
Have you tried that?

That won't work. People trying to view images referred by my webpages get error 500. I'm trying to block other referrers.

Wouldn't the fact that my webserver does not have "www" in the beginning of the URL have any difference with the second line?

Re: htaccess - block hotlinking

Posted: Mon Jan 10, 2005 3:33 am
by battye
dogmeat wrote:
battye wrote:

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?steve.offwhite\.net/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ imagesdir/file.jpg [L]
Have you tried that?

That won't work. People trying to view images referred by my webpages get error 500. I'm trying to block other referrers.

Wouldn't the fact that my webserver does not have "www" in the beginning of the URL have any difference with the second line?

Good point, try replacing

Code:

http://(www\.)?steve.offwhite\.net/

with

Code:

http://steve.offwhite\.net/

Posted: Mon Jan 10, 2005 8:09 am
by nesman
Vladd, that's great stuff. I can't believe that he(?) hasn't caught onto that yet.

Good luck, Dog.

Just curious. Have you had problems with hotlinking, or is this just an ounce of prevention?

Posted: Mon Jan 10, 2005 10:56 am
by Vladd44
yes the www would be an issue, essentially it's treated like a subdomain.

And nes, yes from time to time I have had people do it, and I enjoy every single time.

:)

Posted: Mon Jan 10, 2005 11:11 am
by dogmeat
nesman wrote:Vladd, that's great stuff. I can't believe that he(?) hasn't caught onto that yet.

Good luck, Dog.

Just curious. Have you had problems with hotlinking, or is this just an ounce of prevention?

I don't want people linking to the Olbrich Gardens photos without actually viewing my website. Hopefully this will decrease the chances of people violating the Olbrich Gardens rules of photography with my work. I'd like to avoid a Small Claims Court appearance if at all possible.

I've also been on a security kick lately. I've been reviewing referrers and I didn't like what I saw. Somehow my website was getting hits from Adult Friend Finder and a swingers site. I put an end to that.

Posted: Mon Jan 10, 2005 1:01 pm
by Rat
I finally took the trouble to look at dogmeat's photos because of this thread. It was something I'd been meaning to do for some time as I'm also 'into' photography. The site is well worth a visit.

Nice work Dogmeat. :D
Brilliant!

Posted: Mon Jan 10, 2005 4:26 pm
by Red XIII
Photo hotlinking used to be a problem of this other forum I was on, I can't remember what the admin did to prevent it from happening again, but I think I could go home and ask him today :-k

Posted: Thu Feb 10, 2005 11:49 am
by KM
rather than messing about with htaccess, why not simply use a php script to load the images through instead of loading them directly?

rather than loading the image from "whatever.jpg" use "images.php?img=whatever" - then you can put the images somewhere either not accessible, or in a folder with a name nobody would guess - so the image could only be loaded via the php script

then just use a php script something along the lines of:

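Code:

<?php
// Serve an image from a non-public folder only when the Referer mentions this site.
// $image is used unvalidated here; see the remark after the code about ?img=../../something.
$image = isset($_GET['img']) ? $_GET['img'] : '';
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($image && file_exists("secretfolder/$image.jpg") && stristr($referer, "steve.offwhite.net"))
{
   // Referer matched: send the JPEG
   header('Content-type: image/jpeg');
   echo file_get_contents("secretfolder/$image.jpg");
}
else
{
   // Missing file or foreign referrer: redirect to the placeholder image
   header("Location: http://www.steve.offwhite.net/no.jpg");
}
?>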
that should work, but I haven't tested it just typed it out here... you'd of course want to have some kind of security (like not letting them use ?img=../../something) - but something similar to that would be a possible solution
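
Added example (not part of KM's post or the thread): a hardened version of the script above that rejects names such as ../../something and compares the Referer's host exactly instead of by substring. The function names, the name pattern and the 403 response are assumptions made for illustration; secretfolder and the host name come from the thread.

```php
<?php
// Added example: hardened variant of the image-serving script in the post above.
// Assumptions (not from the thread): helper names, name pattern, 403 on refusal.

const IMAGE_DIR = __DIR__ . '/secretfolder';   // directory name taken from the post
const ALLOWED_HOSTS = ['steve.offwhite.net', 'www.steve.offwhite.net'];

// Accept only a bare image name: no slashes, dots or NUL bytes, so "../../x" fails.
function safe_image_path(string $name): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $name . '.jpg');
    // realpath() resolves symlinks; require the result to stay inside IMAGE_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Compare the Referer's parsed host exactly; a substring test such as stristr()
// also accepts "http://other.example/?steve.offwhite.net".
function referer_allowed(string $referer): bool
{
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true);
}

$img = $_GET['img'] ?? '';
$ref = $_SERVER['HTTP_REFERER'] ?? '';
$path = is_string($img) ? safe_image_path($img) : null;

if ($path !== null && is_string($ref) && referer_allowed($ref)) {
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
} else {
    // The Referer header is supplied by the client, so this only limits
    // casual hotlinking; it is not an access control.
    http_response_code(403);
}
```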