...

View Full Version : HTACCESS to inhibit remote linking



darkannie
06-28-2005, 07:32 PM
I've been running into the problem of different people remote linking images from my site and I'd like to inhibit that, but if possible, to inhibit all but the images or files that I remote link myself. See, I have an mp3 I use from my server for my journal's background music and I'd like for that to stay that way since I don't know any place that will let you remote link from their servers either paid for or free. But anyway, I know I need an HTACCESS file for that but I don't know how to make them. Is there anyone here that could help me?

nikkiH
06-28-2005, 08:55 PM
.htaccess is Apache.
Is your server Apache?

That said, they're pretty simple to make. The server has to be set up for it.
Google rocks.
http://www.google.com/search?biw=1024&hl=en&q=htaccess+hotlink+protection&btnG=Google+Search

If you have problems, I can post my image protection htaccess file when I get home.

darkannie
06-28-2005, 09:16 PM
I'm pretty sure that my server is Apache, because I have another HTACCESS file utilized for SHTML includes and such. And if you don't mind giving me yours that'll be great :thumbsup:

nikkiH
06-29-2005, 02:28 AM
You can't have two in the same directory.
But here's mine from awhile ago. Change the referer in there to your domain. Put in folders with images, but NOT your main directory (an images subfolder, for example).

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?ipwebdesign.net/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.ipwebdesign.net/wildAtHeart/bandwidthThief.jpg [R,L]

darkannie
06-29-2005, 03:36 AM
Ok, just to be clear, I CAN use two separate .htaccess files, but just not in the same directory? I know the sort of damage they can do if there's even one mistake made.

nikkiH
06-29-2005, 02:04 PM
Yes, exactly.
You can have one htaccess file per directory, as far as I know.
I would imagine the server would have problems with two in the same directory, but I haven't tested that idea. ;)
Maybe it just grabs the first one, maybe it tries to combine the rules. Maybe it blows up. :p

If I were really curious about how it would handle two in the same directory, I'd look up the Apache docs on that. But I have yet to think I needed that, so I didn't. *grins*

Span
06-29-2005, 07:13 PM
Since you can put all your stuff in one .htaccess there's never a need for two of them in the same directory, is there? And obviously - uploading the second one would simply overwrite the first.

You can add the code above to your existing .htaccess, but you have to allow hotlinking for the 'hotlink' image, so I added a condition:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
RewriteCond %{REQUEST_URI} !^/path_to/nohotlinking\.jpg [NC]
RewriteRule \.(gif|jpg)$ http://www.domain.tld/path_to/nohotlinking.jpg [R,L]

If you don't want the redirect to an anti-hotlinking image, use this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
RewriteRule \.(gif|jpg)$ - [F]

That will simply serve a 403 Permission Denied.

nikkiH
06-29-2005, 07:21 PM
And obviously - uploading the second one would simply overwrite the first.

/me smacks self in head.

*sigh*

darkannie
07-09-2005, 01:50 AM
My host told me that I should be able to access my .htaccess file but I can't see it, so I don't know how I'm going to make the changes to it. Not to mention doing something wrong and bringing the entire site down. So much for stopping the hotlinking. Doesn't matter, I'll be shutting down next year
:(

Emperor
07-09-2005, 05:53 AM
Hi darkannie,

This quick article will show you how to view your .htaccess file. It only takes a second.

Cheer Up !

http://www.alpha-ebiz.com/a/a032.php

mrruben5
07-15-2005, 12:29 AM
Directly from the mod_rewrite site:


Description:
Assume we have under http://www.quux-corp.de/~quux/ some pages with inlined GIF graphics. These graphics are nice, so others directly incorporate them via hyperlinks to their pages. We don't like this practice because it adds useless traffic to our server.
Solution:
While we cannot 100% protect the images from inclusion, we can at least restrict the cases where the browser sends a HTTP Referer header.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$ - [F]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !.*/foo-with-gif\.html$
RewriteRule ^inlined-in-foo\.gif$ - [F]

smartcars
07-19-2005, 05:09 PM
Hi. I've tried several versions of this code. Nothing works. Most recently I've tried the one above from Span since it seems to be the most recent. Still doesn't work.

My assumption being that the code can be inserted in the root directory to work, even though images being hotlinked are in sub-folders.

Here's what's in my file now:


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?allsmartcars\.com/ [NC]
RewriteCond %{REQUEST_URI} !^/hotlinkedtheft\.gif [NC]
RewriteRule \.(jpeg|gif|bmp|png|jpg)$ http://www.allsmartcars.com/hotlinkedtheft.gif [R,L]
ErrorDocument 404 http://www.allsmartcars.com/
ErrorDocument 403 http://www.allsmartcars.com/

I installed the .htaccess in the root directory, that being www.allsmartcars.com/ I still am having no luck. Thanks in advance for someone's help.

Jim

Span
07-19-2005, 06:34 PM
Well, Jim, I just tried to hotlink this image: http://www.allsmartcars.com/graphics/Jul14-05-002.jpg
from this page: http://altlab.com/hotlinking.html and it didn't show. You were looking at a cached image..

Hey.. always make sure to empty your browser cache before testing any change in your .htaccess.

smartcars
07-19-2005, 06:43 PM
I just cleaned my cached and tried your steps above and the image appeared. (now scratching head).

Span
07-20-2005, 01:22 AM
Okay. Looking at the code again I noticed a few things.

First, the third RewriteCond should be written like this:

RewriteCond %{REQUEST_URI} !^hotlinkedtheft\.gif [NC]

No slash in front of "hotlinkedtheft\.gif". My mistake. Not needed in .htaccess, but that can't be the real problem.


Now, your ErrorDocument lines. For some reason (plain blindness, maybe..) I didn't see you used absolute URLs in there. Actually that is not supposed to work at all.. only relative URLs should be there. Relative to the root of your domain. In your case, a slash.

ErrorDocument 404 /
ErrorDocument 403 /

You could try that. But.. using your index page as a 404 is not an 'allsmart' thing to do. Search engines like Google, Yahoo and MSN might see your 404 pages as duplicate content, resulting in ranking much lower. Better make a separate page for your 404s.

smartcars
07-20-2005, 02:32 AM
Thanks for the smart tips. I'll make the changes and let you know.

smartcars
07-20-2005, 12:17 PM
Hi Span,

Well I made the changes and after clearing cache/files/cookies (everything) it still will not work.

Current file copy is as follows (I removed the Error codes for now):


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?allsmartcars\.com/ [NC]
RewriteCond %{REQUEST_URI} !^graphics/hotlinkedtheft\.gif [NC]
RewriteRule \.(jpeg|gif|bmp|png|jpg)$ http://www.allsmartcars.com/hotlinkedtheft.gif [R,L]

Span
07-20-2005, 02:03 PM
Hi,

I wonder why it worked for me yesterday.. but I changed it a bit, the URL in the RewriteRule is a relative one now. This is a 'silent' internal rewrite. If that doesn't work, I don't know.



RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?allsmartcars\.com [NC]
RewriteCond %{REQUEST_URI} !^graphics/hotlinkedtheft\.gif [NC]
RewriteRule \.(jpeg|gif|bmp|png|jpg)$ /graphics/hotlinkedtheft.gif [L]


The only weak point from this or other no-hotlinking htaccess codes is that it doesn't work for user agents that hide the referer string or are behind some proxy or firewall.

smartcars
07-20-2005, 02:14 PM
Hi Span,

I just tried your re-write. I checked to view http://www.allsmartcars.com/gallery/allsmartcars/commercial_advertising/previewsize/001019.jpg at http://altlab.com/hotlinking.html and was able to view it. I chose that image because I know for sure I haven't viewed.

I'm at a loss.

Jim

Span
07-21-2005, 01:27 PM
Jim, one last possible solution left.. try adding this:

Options +FollowSymLinks

as the first line of your .htaccess. Sometimes that is needed. It might also throw a 500 error or do nothing, but it's worth a try.

darkannie
07-26-2005, 06:29 PM
Since you can put all your stuff in one .htaccess there's never a need for two of them in the same directory, is there? And obviously - uploading the second one would simply overwrite the first.

You can add the code above to your existing .htaccess, but you have to allow hotlinking for the 'hotlink' image, so I added a condition:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
RewriteCond %{REQUEST_URI} !^/path_to/nohotlinking\.jpg [NC]
RewriteRule \.(gif|jpg)$ http://www.domain.tld/path_to/nohotlinking.jpg [R,L]

If you don't want the redirect to an anti-hotlinking image, use this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
RewriteRule \.(gif|jpg)$ - [F]

That will simply serve a 403 Permission Denied.




I just have one question, and I'm an idiot, but I'm also a cautious idiot. I just want to be sure before I take that code and put it in the .htaccess file (since I found it, yay!), do I substitute the word domain for my own, or do I need to change anything else? Do I keep the .tld?

Span
07-26-2005, 06:35 PM
Hi,

yes you have to replace "domain\.tld" with your own "darkannie\.net".

.tld is just short for Top Level Domain ;)

darkannie
07-26-2005, 06:37 PM
YAY! Ok, thank you. :D


[edit]

Yay, it worked. Not only do I spare my bandwidth from robbers, but I also have some free advertising! This rocks so hard. Thank you, everyone! Thank you, thank you, thank you!!! :p



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum