homepage Welcome to WebmasterWorld Guest from 23.20.220.61
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
httpd.conf - .htaccess - hotlinking
chasmcg




msg:3629080
 1:29 pm on Apr 17, 2008 (gmt 0)

I have the code below in my httpd.conf file on my server and it isn't blocking hotlinking to images. What is the correct format to do this? Thanks.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [NC]
RewriteRule .*\.(gif¦GIF¦jpg¦JPG¦jpeg¦JPEG¦png¦PNG)$ [mysite.com...] [R]

</IfModule>

 

jdMorgan




msg:3629243
 4:41 pm on Apr 17, 2008 (gmt 0)

The code can block access only if the client (browser) sends an HTTP Referer header (so that %{HTTP_REFERER} is non-blank), and sending the HTTP Referer header is optional. That's just how HTTP works, so referrer-based anti-hotlinking can never be 100% effective.

However, that rule can be re-coded in a much more efficient way, and you can save bandwidth by denying the request instead of trying to redirect image requests to an HTML page (which won't work most of the time):

RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.com
RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F]

Note that I made "www." optional in the now-single RewriteCond that checks for your domain as the referrer, and that I used [NC] to make the file-extension check case-insensitive and made the "e" in "jpeg" optional as well, compacting the regular-expressions pattern required in your RewriteRule. I added slashes to escape all literal periods in the patterns. I also removed the meaningless ".*" postfix and prefix from the patterns as well; Adding ".*" adjacent to a regular-expressions pattern start or end anchor accomplishes nothing and just wastes CPU time. That is you can always delete "^.*" or ".*$" without changing the meaning of a pattern, if that pattern is anchored at its other end.

When testing, be aware that if you successfully load an image, then that image will be stored in your browser cache and will be displayed from your cache until that cache entry expires or is removed. Therefore, it's important when testing anti-hotlinking code that you completely flush your browser cache (delete Temporary Internet Files in IE) before doing another 'test'.

So the procedure must be:

  • Test from allowed referer (your own site), see image.
  • Flush cache.
  • Test from forbidden referer (some other site), see broken image icon.
  • Flush cache.
  • Continue testing & flushing.

    Jim

  • chasmcg




    msg:3629341
     6:05 pm on Apr 17, 2008 (gmt 0)

    Jim, thanks for the reply. The code doesn't work in my httpd.conf file. Although it does in a .htaccess file. I was trying to get away from using .htaccess files but can't seem to. Here's exactly what I used...

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect

    RewriteCond %{HTTP_REFERER} .
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.com
    RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F]

    </IfModule>

    Here's some more information as it concerns document root.

    DocumentRoot /home/servername/public_html

    <Directory "/home/servername/public_html">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

    And I have about 5 other sites on the server. Thanks.

    jdMorgan




    msg:3629375
     6:27 pm on Apr 17, 2008 (gmt 0)

    You'll need to enable FollowSymlinks or SymLinksIfOwnerMatch in the rewriterule's context, in order to allow mode_rewrite to execute (See mod_rewrite documentation).

    If that doesn't help, please tell us how the code "doesn't work" -- Specifics of your test, your results, and how they differed from your expectations, as well as any entries from your server error log, might be most helpful.

    Jim

    wilderness




    msg:3629386
     6:39 pm on Apr 17, 2008 (gmt 0)

    The code doesn't work in my httpd.conf file.

    Did you restart Apache after editing the httpd.conf file

    Here's a variation.

    Search google utilizing quotes:

    "Solution # 1 : Prevent “hot linking” of images"

    chasmcg




    msg:3629942
     1:36 pm on Apr 18, 2008 (gmt 0)

    Jim, thanks for your help. I will be working on it.

    Wilderness, yes, I restarted Apache. I googled and got this location. Search engines are your friend, I agree. Thanks for your reply.

    Global Options:
     top home search open messages active posts  
     

    Home / Forums Index / Code, Content, and Presentation / Apache Web Server
    rss feed

    All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
    Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
    WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
    © Webmaster World 1996-2014 all rights reserved