HTACCESS to inhibit remote linking

darkannie · 06-28-2005, 07:32 PM

I've been running into the problem of different people remote linking images from my site and I'd like to inhibit that, but if possible, to inhibit all but the images or files that I remote link myself. See, I have an mp3 I use from my server for my journal's background music and I'd like for that to stay that way since I don't know any place that will let you remote link from their servers either paid for or free. But anyway, I know I need an HTACCESS file for that but I don't know how to make them. Is there anyone here that could help me?

nikkiH · 06-28-2005, 08:55 PM

.htaccess is Apache.
Is your server Apache?

That said, they're pretty simple to make. The server has to be set up for it.
Google rocks.
http://www.google.com/search?biw=102...=Google+Search

If you have problems, I can post my image protection htaccess file when I get home.

darkannie · 06-28-2005, 09:16 PM

I'm pretty sure that my server is Apache, because I have another HTACCESS file utilized for SHTML includes and such. And if you don't mind giving me yours that'll be great

nikkiH · 06-29-2005, 02:28 AM

You can't have two in the same directory.
But here's mine from awhile ago. Change the referer in there to your domain. Put in folders with images, but NOT your main directory (an images subfolder, for example).

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?ipwebdesign.net/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.ipwebdesign.net/wildAtHea...widthThief.jpg [R,L]

darkannie · 06-29-2005, 03:36 AM

Ok, just to be clear, I CAN use two separate .htaccess files, but just not in the same directory? I know the sort of damage they can do if there's even one mistake made.

nikkiH · 06-29-2005, 02:04 PM

Yes, exactly.
You can have one htaccess file per directory, as far as I know.
I would imagine the server would have problems with two in the same directory, but I haven't tested that idea.

Maybe it just grabs the first one, maybe it tries to combine the rules. Maybe it blows up.

If I were really curious about how it would handle two in the same directory, I'd look up the Apache docs on that. But I have yet to think I needed that, so I didn't. *grins*

Span · 06-29-2005, 07:13 PM

Since you can put all your stuff in one .htaccess there's never a need for two of them in the same directory, is there? And obviously - uploading the second one would simply overwrite the first.

You can add the code above to your existing .htaccess, but you have to allow hotlinking for the 'hotlink' image, so I added a condition:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
RewriteCond %{REQUEST_URI} !^/path_to/nohotlinking\.jpg [NC]
RewriteRule \.(gif|jpg)$ http://www.domain.tld/path_to/nohotlinking.jpg [R,L]

If you don't want the redirect to an anti-hotlinking image, use this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.tld/ [NC]
RewriteRule \.(gif|jpg)$ - [F]

That will simply serve a 403 Permission Denied.

nikkiH · 06-29-2005, 07:21 PM

And obviously - uploading the second one would simply overwrite the first.

/me smacks self in head.

*sigh*

darkannie · 07-09-2005, 01:50 AM

My host told me that I should be able to access my .htaccess file but I can't see it, so I don't know how I'm going to make the changes to it. Not to mention doing something wrong and bringing the entire site down. So much for stopping the hotlinking. Doesn't matter, I'll be shutting down next year

Emperor · 07-09-2005, 05:53 AM

Hi darkannie,

This quick article will show you how to view your .htaccess file. It only takes a second.

Cheer Up !

http://www.alpha-ebiz.com/a/a032.php

mrruben5 · 07-15-2005, 12:29 AM

Directly from the mod_rewrite site:

Quote:

Description:
Assume we have under http://www.quux-corp.de/~quux/ some pages with inlined GIF graphics. These graphics are nice, so others directly incorporate them via hyperlinks to their pages. We don't like this practice because it adds useless traffic to our server.
Solution:
While we cannot 100% protect the images from inclusion, we can at least restrict the cases where the browser sends a HTTP Referer header.

Code:

RewriteCond %{HTTP_REFERER} !^$                                  
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$        -                                    [F]

RewriteCond %{HTTP_REFERER}         !^$                                  
RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
RewriteRule ^inlined-in-foo\.gif$   -                        [F]

smartcars · 07-19-2005, 05:09 PM

Hi. I've tried several versions of this code. Nothing works. Most recently I've tried the one above from Span since it seems to be the most recent. Still doesn't work.

My assumption being that the code can be inserted in the root directory to work, even though images being hotlinked are in sub-folders.

Here's what's in my file now:

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?allsmartcars\.com/ [NC]
RewriteCond %{REQUEST_URI} !^/hotlinkedtheft\.gif [NC]
RewriteRule \.(jpeg|gif|bmp|png|jpg)$ http://www.allsmartcars.com/hotlinkedtheft.gif [R,L]
ErrorDocument 404 http://www.allsmartcars.com/
ErrorDocument 403 http://www.allsmartcars.com/

I installed the .htaccess in the root directory, that being www.allsmartcars.com/ I still am having no luck. Thanks in advance for someone's help.

Jim

Span · 07-19-2005, 06:34 PM

Well, Jim, I just tried to hotlink this image: http://www.allsmartcars.com/graphics/Jul14-05-002.jpg
from this page: http://altlab.com/hotlinking.html and it didn't show. You were looking at a cached image..

Hey.. always make sure to empty your browser cache before testing any change in your .htaccess.

smartcars · 07-19-2005, 06:43 PM

I just cleaned my cached and tried your steps above and the image appeared. (now scratching head).

Span · 07-20-2005, 01:22 AM

Okay. Looking at the code again I noticed a few things.

First, the third RewriteCond should be written like this:

RewriteCond %{REQUEST_URI} !^hotlinkedtheft\.gif [NC]

No slash in front of "hotlinkedtheft\.gif". My mistake. Not needed in .htaccess, but that can't be the real problem.

Now, your ErrorDocument lines. For some reason (plain blindness, maybe..) I didn't see you used absolute URLs in there. Actually that is not supposed to work at all.. only relative URLs should be there. Relative to the root of your domain. In your case, a slash.

ErrorDocument 404 /
ErrorDocument 403 /

You could try that. But.. using your index page as a 404 is not an 'allsmart' thing to do. Search engines like Google, Yahoo and MSN might see your 404 pages as duplicate content, resulting in ranking much lower. Better make a separate page for your 404s.