Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    New Coder
    Join Date
    Mar 2003
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question HTACCESS to inhibit remote linking

    I've been running into the problem of different people remote linking images from my site and I'd like to inhibit that, but if possible, to inhibit all but the images or files that I remote link myself. See, I have an mp3 I use from my server for my journal's background music and I'd like for that to stay that way since I don't know any place that will let you remote link from their servers either paid for or free. But anyway, I know I need an HTACCESS file for that but I don't know how to make them. Is there anyone here that could help me?

  • #2
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    .htaccess is Apache.
    Is your server Apache?

    That said, they're pretty simple to make. The server has to be set up for it.
    Google rocks.
    http://www.google.com/search?biw=102...=Google+Search

    If you have problems, I can post my image protection htaccess file when I get home.

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #3
    New Coder
    Join Date
    Mar 2003
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm pretty sure that my server is Apache, because I have another HTACCESS file utilized for SHTML includes and such. And if you don't mind giving me yours that'll be great

  • #4
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    You can't have two in the same directory.
    But here's mine from awhile ago. Change the referer in there to your domain. Put in folders with images, but NOT your main directory (an images subfolder, for example).

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?ipwebdesign.net/.*$ [NC]
    RewriteRule \.(gif|jpg)$ http://www.ipwebdesign.net/wildAtHea...widthThief.jpg [R,L]

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #5
    New Coder
    Join Date
    Mar 2003
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ok, just to be clear, I CAN use two separate .htaccess files, but just not in the same directory? I know the sort of damage they can do if there's even one mistake made.

  • #6
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    Yes, exactly.
    You can have one htaccess file per directory, as far as I know.
    I would imagine the server would have problems with two in the same directory, but I haven't tested that idea.
    Maybe it just grabs the first one, maybe it tries to combine the rules. Maybe it blows up.

    If I were really curious about how it would handle two in the same directory, I'd look up the Apache docs on that. But I have yet to think I needed that, so I didn't. *grins*

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #7
    Regular Coder
    Join Date
    May 2004
    Posts
    121
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Since you can put all your stuff in one .htaccess there's never a need for two of them in the same directory, is there? And obviously - uploading the second one would simply overwrite the first.

    You can add the code above to your existing .htaccess, but you have to allow hotlinking for the 'hotlink' image, so I added a condition:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
    RewriteCond %{REQUEST_URI} !^/path_to/nohotlinking\.jpg [NC]
    RewriteRule \.(gif|jpg)$ http://www.domain.tld/path_to/nohotlinking.jpg [R,L]

    If you don't want the redirect to an anti-hotlinking image, use this:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
    RewriteRule \.(gif|jpg)$ - [F]

    That will simply serve a 403 Permission Denied.

  • #8
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    And obviously - uploading the second one would simply overwrite the first.

    /me smacks self in head.

    *sigh*

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #9
    New Coder
    Join Date
    Mar 2003
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts
    My host told me that I should be able to access my .htaccess file but I can't see it, so I don't know how I'm going to make the changes to it. Not to mention doing something wrong and bringing the entire site down. So much for stopping the hotlinking. Doesn't matter, I'll be shutting down next year

  • #10
    New Coder
    Join Date
    Jul 2005
    Location
    New York
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi darkannie,

    This quick article will show you how to view your .htaccess file. It only takes a second.

    Cheer Up !

    http://www.alpha-ebiz.com/a/a032.php

  • #11
    Regular Coder
    Join Date
    Nov 2004
    Location
    The Netherlands
    Posts
    551
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Directly from the mod_rewrite site:

    Description:
    Assume we have under http://www.quux-corp.de/~quux/ some pages with inlined GIF graphics. These graphics are nice, so others directly incorporate them via hyperlinks to their pages. We don't like this practice because it adds useless traffic to our server.
    Solution:
    While we cannot 100% protect the images from inclusion, we can at least restrict the cases where the browser sends a HTTP Referer header.
    Code:
    RewriteCond %{HTTP_REFERER} !^$                                  
    RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
    RewriteRule .*\.gif$        -                                    [F]
    
    RewriteCond %{HTTP_REFERER}         !^$                                  
    RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
    RewriteRule ^inlined-in-foo\.gif$   -                        [F]
    CATdude about IE6: "All your box-model are belong to us"

  • #12
    New to the CF scene
    Join Date
    Jul 2005
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi. I've tried several versions of this code. Nothing works. Most recently I've tried the one above from Span since it seems to be the most recent. Still doesn't work.

    My assumption being that the code can be inserted in the root directory to work, even though images being hotlinked are in sub-folders.

    Here's what's in my file now:

    Code:
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?allsmartcars\.com/ [NC]
    RewriteCond %{REQUEST_URI} !^/hotlinkedtheft\.gif [NC]
    RewriteRule \.(jpeg|gif|bmp|png|jpg)$ http://www.allsmartcars.com/hotlinkedtheft.gif [R,L]
    ErrorDocument 404 http://www.allsmartcars.com/
    ErrorDocument 403 http://www.allsmartcars.com/
    I installed the .htaccess in the root directory, that being www.allsmartcars.com/ I still am having no luck. Thanks in advance for someone's help.

    Jim

  • #13
    Regular Coder
    Join Date
    May 2004
    Posts
    121
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well, Jim, I just tried to hotlink this image: http://www.allsmartcars.com/graphics/Jul14-05-002.jpg
    from this page: http://altlab.com/hotlinking.html and it didn't show. You were looking at a cached image..

    Hey.. always make sure to empty your browser cache before testing any change in your .htaccess.

  • #14
    New to the CF scene
    Join Date
    Jul 2005
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I just cleaned my cached and tried your steps above and the image appeared. (now scratching head).

  • #15
    Regular Coder
    Join Date
    May 2004
    Posts
    121
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Okay. Looking at the code again I noticed a few things.

    First, the third RewriteCond should be written like this:

    RewriteCond %{REQUEST_URI} !^hotlinkedtheft\.gif [NC]

    No slash in front of "hotlinkedtheft\.gif". My mistake. Not needed in .htaccess, but that can't be the real problem.


    Now, your ErrorDocument lines. For some reason (plain blindness, maybe..) I didn't see you used absolute URLs in there. Actually that is not supposed to work at all.. only relative URLs should be there. Relative to the root of your domain. In your case, a slash.

    ErrorDocument 404 /
    ErrorDocument 403 /

    You could try that. But.. using your index page as a 404 is not an 'allsmart' thing to do. Search engines like Google, Yahoo and MSN might see your 404 pages as duplicate content, resulting in ranking much lower. Better make a separate page for your 404s.


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •