homepage Welcome to WebmasterWorld Guest from 54.237.184.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
.htaccess and hotlink problem
smuts




msg:1521197
 5:36 pm on May 27, 2003 (gmt 0)

Hi there!

I'm new at this, and I'm not sure I'm posting in the correct place... But here it goes.

I'm having some problems with .htaccess...

Here's my .htaccess file:


RewriteEngine on
RewriteRule ^/images/allowed/(.+) - [PT,L]
RewriteCond %{HTTP_REFERER}!^http://www\.mysite\.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://mysite\.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://forum\.mysite\.com.*[/url]$ [NC]
RewriteRule .*\.(jpg夸peg夙if如ng在mp妃p3如df)$ http://www.mysite.com/images/hotlink.jpg [R,NC]

So, I want to block hotlinking from every host exept: www.mysite.com, mysite.com and forum.mysite.com.

This works like a charm... However, I want other sites to be able to hotlink the images in /images/allowed and this doesn't work... Also, I want the image 'hotlink.jpg' to be displayed if someone tries to hotlink, and this doesn't work either...

Thanks in advance / jek

 

jdMorgan




msg:1521198
 2:20 am on May 29, 2003 (gmt 0)

smuts,

I would suggest rewriting that as follows:

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images/allowed/.+
RewriteCond %{HTTP_REFERER} !^http://(www\.圩orum\.)?mysite\.com [NC]
RewriteRule \.(jpe?g夙if如ng在mp妃p3如df)$ /images/hotlink.jpg [NC]

Now there is a problem with this... Specifically, you cannot redirect from a non-image file to an image file, and expect a browser to handle that. I suggest you create jpeg, gif, png, and bmp versions of your "forbidden" graphic, and maybe even an MP3 of "This audio file was stolen from www.mysite.com" and a pdf file that says the same thing. Then you can use:

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images/allowed/.+
RewriteCond %{HTTP_REFERER} !^http://(www\.圩orum\.)?mysite\.com [NC]
RewriteRule \.(jpe?g夙if如ng在mp妃p3如df)$ /images/hotlink.$1 [NC]

To redirect each requested filetype to its correct-format replacement.

If this is too much work, then just use:

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images/allowed/.+
RewriteCond %{HTTP_REFERER} !^http://(www\.圩orum\.)?mysite\.com [NC]
RewriteRule \.(jpe?g夙if如ng在mp妃p3如df)$ - [NC,F]

Which will simply return a 403-Forbidden status.

Be advised that this forum modifies the solid vertical pipe character to a broken vertical pipe "" character. You will need to replace the "" characters above with the solid ones from your keyboard.

HTH,
Jim

smuts




msg:1521199
 6:00 pm on May 29, 2003 (gmt 0)

Thanks a lot for the help mate!

smuts




msg:1521200
 11:18 pm on May 29, 2003 (gmt 0)

Your tip worked great! I can't express how thankful I am. Thanks alot!

I have been looking for a solution for this problem for a couple of days now, and I never thought I'd solve it. Thanks.

Visit Thailand




msg:1521201
 2:32 am on May 31, 2003 (gmt 0)

I saw this post and so thought I would try again at hotlinking.

When I put this code in the .htaccess some images appear on my website and others show the hotlink image. When I test the hotlinking from another site the hotlink image appears as it should, so the problem is that some of the pictures on my own site show the hotlink image instead of the actual image (if it makes any difference I was testing it in a sub directory so not the main .htaccess of the site).

I should point out that all images on my sites pages are linked to with a full url - http;//www.mydomain.com

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI}!^/images/permit/.+
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/ [NC]
RewriteRule \.(jpg夸peg?夙if在mp)$ /images/hotlink.$1 [NC]

so I then changed it slightly to :

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/ [NC]
RewriteRule \.(jpg夸peg?夙if在mp)$ /images/hotlink.$1 [NC]

with this hotlinking from another site still works and all my images on my site show up as they should.

Any idea why this could be?

jdMorgan




msg:1521202
 2:52 am on May 31, 2003 (gmt 0)

Visit_Thailand,

Your second version allows access by users with blank referrers - A practice I do recommend. This supports users who are behind certain firewalls, proxies, and internet security applications which block the referrer.

When testing anti-hotlinking implementations, you must flush your browser cache (Temporary Internet Files) before each and every test. Your code should work fine if you do this, however, I suggest adding the [L] flag to the final rule, and deleting the trailing slash from your domain (to allow for port numbers), as shown.

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(jpg夸peg?夙if在mp)$ /images/hotlink.$1 [NC,L]

HTH,
Jim

Visit Thailand




msg:1521203
 5:06 am on May 31, 2003 (gmt 0)

Sorry have not been able to reply for a while, seems when I copy and paste the reply I get an error.

Thank you Jim. Made the changes you suggested and altered the double pipes etc. After clearing cache etc it does not seem to work. Am testing it using htmlbasix and pimpcafe's tester. All the images show up on the website as they should but they also show up in above testers. Any ideas why this could be?

Visit Thailand




msg:1521204
 5:13 am on May 31, 2003 (gmt 0)

OK well have been trying to post some of my .htaccess file but when I paste it in (have removed most uneeded bits so it is not very long it does not seem to work).

jdMorgan




msg:1521205
 3:06 pm on May 31, 2003 (gmt 0)

Visit_Thailand,

No, your code is correct and is probably working fine. As I said, the only thing that will bypass this code is if the user-agent or an intervening proxy/firwewall hides the referer string. There is not much we can do about that.

Jim

Visit Thailand




msg:1521206
 2:38 am on Jun 1, 2003 (gmt 0)

Jim Thanks - I diabled my firewall and tested it and you are right the image does not show up but neither does the hotlink image the page just sort of keeps trying to download the image but never seems to finish almost as if it were in some form of loop.

I read somewhere that sometimes a loop can be caused because the code states that .jpg are not allowed to be hotlinked to so when it tries and grabs a picture such as a jpg the code then goes to fetch the hotlink.jpg but as .jpg's are banned it causes a loop.

Where I read this suggested renaming the hotlink.jpg to hotlink.jpe and using just the one image for hotlinking rather than a collection.

What do you think?

All the images on my site are .jpg or .gif so I could even rename the hotlink .jpeg.

Visit Thailand




msg:1521207
 2:55 am on Jun 1, 2003 (gmt 0)

Brilliant that works! Just wanted to let you and others know.

Do you see any problems with that though Jim?

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(jpg¦gif¦bmp)$ /images/hotlink.jpeg [NC,L]

I basically removed the jpeg selection from the code, changed the name of the hotlink image to jpeg and made the code select that image instead of a respective counterpart.

Because jpeg is not part of the banned image types it allows the other site to download it.

Thanks for all you help.

jdMorgan




msg:1521208
 2:58 am on Jun 1, 2003 (gmt 0)

Visit_Thailand,

Hah! You're may be right... I forgot to mention something...

Note that the code above will always loop forever if the RewriteRule specifies an external redirect, as in [R=301,L]

Or it may be that some other module is being invoked that is interfering, and causing the rules to be reprocessed during the request.

Try this:


Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{REQUEST_URI} !^/images\.hotlink\.
RewriteRule \.(jpg夸peg?夙if在mp)$ /images/hotlink.$1 [NC,L]


Jim

wkitty42




msg:1521209
 4:48 am on Jun 1, 2003 (gmt 0)

hey, jdM,

couldn't you handle the looping on the hotlink.jpg in the same manner you've show the handling of robots.txt file?

ie: !/robots.txt

and that would let them get the hotlink.jpg while still redirecting for all the others?

jdMorgan




msg:1521210
 5:09 am on Jun 1, 2003 (gmt 0)

wkitty42,

I'm not sure I understand that question. You can't have a RewriteRule that looks to match both .jpg and NOT .jpg, so you have to use either a different filetype or a different directory (or both, as above) to make the exclusion that allows the alternate image to be displayed without itself being redirected.

Note that this is usually a non-problem, because the original code uses an internal redirect - One that does not communicate with the browser, but simply substitutes one file for another, and serves it.

In the robots.txt case, we are talking an external redirect of sorts - a 403-Forbidden response. With an external redirect, the browser is going to come back with a new request, your server will run through your rewriterules again, and that can cause looping, because the server has no memory whatsoever of the previous request.

I'm not quite sure why Visit_Thailand is having a problem - I run the code I posted myself on several hosts, and it works. But there are many, many, ways to set up a server, and some of them cause weird problems with .htaccess directives.

Jim

wkitty42




msg:1521211
 6:43 pm on Jun 2, 2003 (gmt 0)

jdM,

ahhh... i see what you are saying, now... the reason that!/robots.txt works is because it is specifically allowed in those other examples and not blocked further in the conditions by *.txt... i was thinking that you may have been able to allow that one request thru by naming it specifically and blocking others based on their extensions...

in studying your last example further...

==== quote ====
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteCond %{REQUEST_URI}!^/images\.hotlink\.
RewriteRule \.(jpg夸peg?夙if在mp)$ /images/hotlink.$1 [NC,L]
==== quote ====

i see that that is exactly what you did with!^images/hotlink\.

jdMorgan




msg:1521212
 6:59 pm on Jun 2, 2003 (gmt 0)

wkitty42,

OK, I see what you were asking.

The strange thing is that adding that RewriteCond should not be necessary, but if something on VT's server is causing .htaccess to be processed again, it might help. Normally, .htaccess is only processed once per HTTP request. If a RewriteRule is processed which then causes an external redirect, that ends the current request, sends a response to the client browser, and the client then issues a new request, which will cause the server to re-process .htaccess.

But the above code does an internal redirect, simply substituting one file for another, and so .htaccess should no be re-invoked (causing a loop). But as I said, there are often "invisible" issues outside of .htaccess itself that can cause trouble.

Jim

Visit Thailand




msg:1521213
 4:43 am on Jun 14, 2003 (gmt 0)

Hi I need to know if I add another domain (to allow this other domain to use the pics) what is the best way to do it from here?

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(jpg夙if在mp)$ /images/hotlink.jpeg [NC,L]

Would this be OK?

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?THEOTHERDOMAIN\.com [NC]
RewriteRule \.(jpg夙if在mp)$ /images/hotlink.jpeg [NC,L]

and what if it is specifically a subdomain I want to allow. So instead of allowing al X.com I only want to allow sub.X.com?

jdMorgan




msg:1521214
 4:55 am on Jun 14, 2003 (gmt 0)

Visit_Thailand,

Your modified rule looks good. To limit access based on a specific subdomain of the referrer, just stick the subdomain name on the end, like so:

RewriteCond %{HTTP_REFERER} !^http://(www\.)?THEOTHERDOMAIN\.com/subdomain [NC]

Jim

Visit Thailand




msg:1521215
 8:47 am on Aug 4, 2003 (gmt 0)

This thread was locked due to its age and Visit_Thailand posted this question elsewhere. It belongs here so we unlocked the thread and added the post at VT's request.
DaveAtIFG

My hotlink code in .htaccess is :

RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?adomain\.net/subdomainname [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?adomain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?adomain\.com [NC]
RewriteRule \.(jpg夙if在mp)$ /images/hotlink.jpeg [NC,L]

Now this works great from what I can see, but I want to for one image (re RSS Feeds) to be allowed to be hotlinked so I changed the above to:

RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?adomain\.net/subdomainname [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?adomain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?adomain\.com [NC]
RewriteCond %{REQUEST_URI}!ALLOWTHISPICTUREINMYROOT \.jpg$ [NC]
RewriteRule \.(jpg夙if在mp)$ /images/hotlink.jpeg [NC,L]

Did I put this line RewriteCond %{REQUEST_URI}!ALLOWTHISPICTUREINMYROOT \.jpg$ [NC] in the right place above? and does it need a [NC]?

[edited by: DaveAtIFG at 4:38 am (utc) on Aug. 5, 2003]

jdMorgan




msg:1521216
 5:24 am on Aug 5, 2003 (gmt 0)

VisitThailand,

> Did I put this line RewriteCond %{REQUEST_URI}!ALLOWTHISPICTUREINMYROOT \.jpg$ [NC] in the right place above? and does it need a [NC]?

Other than the extra space in the URI, it looks OK to me... You could use

RewriteCond %{REQUEST_URI} !^/ALLOWTHISPICTUREINMYROOT\.jpg$ [NC]

to make sure that picture is allowed to be hotlinked ONLY if it resides in your web root directory.

I use [NC] mostly where it is possible that someone may type-in uppercase URL parts. When I design a site, I make sure that all pathnames in links are lowercase-only, so there is no need for me to allow for case variations in most of my rewriterules. However, there is always the possibility that someone may manually type a page request into their browser, so I tend to make page URLs case-insensitive by adding [NC] to the rules.

So, for my own sites, I don't use [NC] for images, CSS files, scripts etc., - I only use it for html page URLs. It's a personal style thing, though; Using [NC] doesn't slow down the server very much, so it's up to you to make that decision based on your page design habits, and whether your users are likely to be directly typing in requests for anything but pages.

Jim

Visit Thailand




msg:1521217
 5:58 am on Aug 5, 2003 (gmt 0)

Thanks Jim as always.

I am not sure whether I am right in saying the root directory, it is in the main www directory, so the image I want to allow hotlinking to can be linked with mydomain.com/ThisPicture.jpg

Is that the root? and if not should I still use the modified line you put in your last post namely:

RewriteCond %{REQUEST_URI}!^/ALLOWTHISPICTUREINMYROOT\.jpg$ [NC]

Also you bring up an interesting point re case sensitive urls. This site I am working on has case sensitive urls with pages SuchasThis.shtml etc

I get a lot of 404's for people looking for thispage.shtml when it should be ThisPage.shtml

Is there anyway I can add code to .htaccess to ensure that when someone types in thispage.shtml they are redirected to ThisPage.shtml?

Of course I could do 301's but there are hundreds if not thousands of such pages and my .htaccess is already very large with hundreds of 301's already.

jdMorgan




msg:1521218
 2:15 pm on Aug 6, 2003 (gmt 0)

mydomain.com/ThisPicture.jpg

Is that the root?


ThisPicture.jpg is in the web root (often the root of your web hosting account), not to be confused with the server root or the system root.

If you have access to httpd.conf, I believe you can use a RewriteMap to standardize to all-lowercase or all-uppercase pathnames. Otherwise you can use a script to do it - for example, process all 404s through a script that converts existing URLs to all-lowercase, and tries again (beware of loops). See the RewriteCond -U and -f flags in this regard.

Best advice on mixed-case URLs, IMHO... Don't do it! Using all-lowercase greatly simplifies URL redirection, internal and external linking, and moving from one type of server to another (case-sensitive to case-insensitive, or vice-versa). Simple is good.

Jim

Visit Thailand




msg:1521219
 2:09 am on Aug 16, 2003 (gmt 0)

Thanks Jim.

I have been looking into the options you mentioned above and with regards to the CaseSensitive urls I found this module which may seem to help fix the problem.

If I have understood it correctly all I need to do is add the below to the .htaccess file:

Checkspelling on

Has anyone used CheckSpelling directive? Any major problems? or other advice?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved