homepage Welcome to WebmasterWorld Guest from 54.226.235.222
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Help with .htaccess file for hotlinking issue
pengrus




msg:1503634
 3:52 pm on Jun 6, 2003 (gmt 0)

I have the following htacess file right now, and it is working.

<Files .htaccess>
deny from all
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://YOURDOMAIN.com [NC]
RewriteCond %{HTTP_REFERER}!^http://www.YOURDOMAIN.com [NC]
RewriteCond %{HTTP_REFERER}!^http://YOURIPADDRESS [NC]
RewriteCond %{HTTP_REFERER}!^http://www.YOURIPADDRESS [NC]
RewriteCond %{HTTP_REFERER}!^http://www.google.com [NC]
RewriteCond %{HTTP_REFERER}!^http://google.com [NC]
RewriteCond %{HTTP_REFERER}!^http://216.239.*.* [NC]
RewriteRule .*\.(gif¦jpg¦jpeg¦bmp¦png¦mpg¦mpeg¦avi¦wmv¦mov¦asf)$ - [F]

But I need one more improvement.

My site is
[YOURDOMAIN.com...]
My forum is:
[YOURDOMAIN.com...]

Is it possible to let the hotlinking/embedding pictures work in the posts of my own forum [YOURDOMAIN.COM...]

Thank you for your help!

 

wilderness




msg:1503635
 5:03 pm on Jun 6, 2003 (gmt 0)

by making this addition to your domain URL's .*$
<Files .htaccess>
deny from all
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://YOURDOMAIN.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.YOURDOMAIN.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://YOURIPADDRESS.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.YOURIPADDRESS.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.google.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://google.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://216.239.*.* [NC]
RewriteRule .*\.(gif夸pg夸peg在mp如ng妃pg妃peg地vi安mv妃ov地sf)$ - [F]

jdMorgan




msg:1503636
 5:47 pm on Jun 6, 2003 (gmt 0)

pengrus,

Welcome to WebmasterWorld [webmasterworld.com]!

This is confusing; If you want the images to appear when your forum is displayed, then no change should be necessary. If images are not showing in your forum, there is some other problem -- for example, the sites the images are linked from are blocking hot-linking themselves.

If you want people to be able to display images from your forum on other web sites, then you'll need to add something.

First, let's clean up your original code by removing redundant and unneccessary lines, characters, and [NC] flags, and escaping the periods in domain names and IP addresses:

<Files .htaccess>
deny from all
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?YOURDOMAIN\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://YOURIPADDRESS
RewriteCond %{HTTP_REFERER} !^http://(www\.)?google\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://216\.239\.
RewriteRule \.(gif夸pg夸peg在mp如ng妃pg妃peg地vi安mv妃ov地sf)$ - [F]

Then, in order to allow hot-linking of images in your forum directory, add this line above the RewriteRule:

RewriteCond %{REQUEST_URI} !^FORUM/ [NC]

This will allow images stored in the /FORUM subdirectory to be displayed on other web sites.

Ref: Introduction to mod_rewrite [webmasterworld.com]

Jim

pshea




msg:1503637
 12:11 am on Jun 7, 2003 (gmt 0)

Sorry to jump in on you code guys, but are you guys saying that if I put jdMorgan's code in my htaccess, all of those little buggers in those fruity forums will not be able to steal my images an bloat my log files? Because that would be great! Lemme know. Tks.

jdMorgan




msg:1503638
 1:26 am on Jun 7, 2003 (gmt 0)

pshea,

Yes, that's the purpose here.

Jim

pshea




msg:1503639
 1:36 am on Jun 7, 2003 (gmt 0)

WEEEEEEEEEEEEEEEE!

jd, may I ask, what will be the experience of the toads who try to link? I mean, they will go through their usual routine to try to link, then they will return to their message or post or whatever to see just how kewl their post looks now, and what will be the result?

jdMorgan




msg:1503640
 1:50 am on Jun 7, 2003 (gmt 0)

pshea,

You might want to try a WebmasterWorld site search for "hotlinking" to find out more. The "experience" you speak of is largely under your control. You can simply respond to the hotlinked image request with a 403-Forbidden response, givieng them a broken image icon. Or. like the code above, you can supply an alternate image; Some like to put a graphic of their site's URL or logo, some like to substitute another image that would be embarrassing to the hotlinker, either promotional, such as, "This image stolen from www.mysite.com" or just a message like, "My mother was a newt, and my father smelt of Elderberries", or maybe something disgusting - use your imagination. I prefer the 403/broken link approach, since my main purpose is to prevent the use of my bandwidth, and it avoids professional pitfalls.

One thing that I should warn about: Some of the code examples you will find here and elsewhere are intended to redirect from a hotlinked .gif to the .html home page of the site where the image was stolen from. This won't work. .gif files should be redirected to .gif files, .jpg's to .jpg files, etc. In this way you can guarantee complete browser compatibility should you choose to be "creative" in supplying alternate images.

Jim

pshea




msg:1503641
 2:45 am on Jun 7, 2003 (gmt 0)

jd: thanks for that: I will do my homework accordingly. I have followed this issue here for quite some time and never seen anything so definitive as this post, so maybe I'm not quite so diligent (hell, the advice here has had the curse of making the site successful, you cads!).

I adore your detailed response and am humbled by it. I will study it chapter-and-verse. I don't want to insult the "linkers", I'm just trying to keep my log files "accurate". Thanks so much.

pshea

pengrus




msg:1503642
 4:23 pm on Jun 8, 2003 (gmt 0)

Thanks for the welcome note! And many thanks for all who replied to me with your kind help. Yeah, I got it to work now. The missing ".*$" is the problem in my original post.

Thank you so much and this is a great community!

jdMorgan




msg:1503643
 4:40 pm on Jun 8, 2003 (gmt 0)

pengrus,

Well, that's interesting, because ending a pattern in ".*$" makes no meaningful change. That is,

RewriteCond %{HTTP_REFERER} ^somepattern [OR]
- is exactly equivalent to -
RewriteCond %{HTTP_REFERER} ^somepattern.*$ [OR]

Because the first pattern has no end-anchor, and thus specifies that the string to be matched by the pattern may contain anything following that part of the pattern which you have specified. Reference: Regular Expressions Tutorial [etext.lib.virginia.edu].

The same is true for start anchors. That is:

RewriteCond %{HTTP_REFERER} somepattern$ [OR]
- is exactly equivalent to -
RewriteCond %{HTTP_REFERER} ^.*somepattern$ [OR]

So, now I'm wondering why your original rules did not work, if all you did was add ".*$" to one or more of the patterns. Can you be more specific as to which ones you modified?

Thanks,
Jim

pengrus




msg:1503644
 4:51 pm on Jun 8, 2003 (gmt 0)

ok, I thought that we one of the reason. But here is the complete code that I have that is working:

Options +FollowSymlinks
ErrorDocument 401 /401.html
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
###SERVER CUSTOM ERROR DOCS - END

###STOP CASUAL DIR BROWSING - BEGIN
DirectoryIndex index.html index.shtml index.shtm index.php index.cgi /403.html

<Files .*>
deny from all
</Files>
###STOP CASUAL DIR BROWSING - END

###STOP HOT LINKERS - BEGIN
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://000.11.222.xx/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^https://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^https://www.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^https://xxx.xx.xxx.xx/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://216.236.*.* [NC]
RewriteRule .*\.(bmp¦gif¦GIF¦jpg¦JPG¦exe¦zip¦mpeg¦avi¦mpg¦wmv)$ [domain.com...] [R]

###STOP HOT LINKERS - END

###STOP ROBOT DOWNLOADERS - BEGIN
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^JetCar.* [NC]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GoZilla.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^wget.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCapture.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Scooter-W3.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGe.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Webdupe.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Pockey.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DiscoPump.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetNinja.* [NC,OR]
RewriteRule .* - [F,L]
###STOP ROBOT DOWNLOADERS - END

###BASIC DENY LIST START
Deny from .id
Deny from .interpacket.net
Deny from .lt
Deny from .mk
Deny from .my
Deny from .ro
Deny from .yu

jdMorgan




msg:1503645
 5:17 pm on Jun 8, 2003 (gmt 0)

pengrus,

Well, here's a major problem...
This code will fail, due to the [OR] on the last RewriteCond:

RewriteCond %{HTTP_USER_AGENT} ^DiscoPump.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetNinja.* [NC,OR]
RewriteRule .* - [F,L]

The last RewriteCond preceding a RewriteRule must never have an [OR] flag; It should read:

RewriteCond %{HTTP_USER_AGENT} ^DiscoPump.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetNinja.* [NC]
RewriteRule .* - [F,L]

Also, as noted above, "." is a special character in regular-expressions patterns. It means, "match any single character." If you want to match a literal "." - as you would in a domain name or IP address, you'll need to precede it with a backslash. Examples: www\.google\.com or 64\.239\.45\.12

I see several other minor problems here, and would recommend that you spend some time understanding these directives by reading the documentation available from the Apache Web site [httpd.apache.org], and the regular expressions tutorial cited above.

HTH,
Jim

JasonKAR




msg:1503646
 8:32 am on Jun 22, 2003 (gmt 0)

jdmorgan,

Thanks much for your post msg 3 above!

Question though, and forgive me if this has been answered elsewhere & I've just overlooked it.

But is the snippet code you've outlined for the .htaccess file directory-specific with regards to the images attempting to be hotlinked? In my case for example, I have many images simply in the yourdomain.com/***.gif level and not resident within subdirectories (altho I have some of these as well).

In other words, will this work for me if I don't have images resident within a specific images directory?

Thanks again for making your help so intelligible!

JasonKAR

jdMorgan




msg:1503647
 4:02 pm on Jun 22, 2003 (gmt 0)

JasonKAR,

Welcome to WebmasterWorld [webmasterworld.com]!

The code in msg 3 is not specific, unless the line of code cited at the end is added. It will prevent hotlinking in the directory in which it resides and in any subdirectory of that directory - which is how .htaccess works, unless the RewritesConds and RewriteRules are written to specify certain directories/subdirectories.

Jim

JasonKAR




msg:1503648
 1:25 am on Jun 24, 2003 (gmt 0)

Thanks jdmorgan, I believe I see. So two quick confirmation questions. One, if I want to prevent any image hosted in my domain (any directory, sub directory) from being hotlinked, I must be sure to simply *not* include that last line cond line.

Second, I must have the mod rewrite engine turned on for this to work (via your htaccess file), correct?

Thanks *very* much.

JasonKAR

jdMorgan




msg:1503649
 1:42 am on Jun 24, 2003 (gmt 0)

JasonKAR,

Yes and yes. You may also need to add the line

Options +FollowSymLinks

before the RewriteEngine on line.

If your rewrites don't work, add that line and try again. If you add it but don't need it, you may get a 500-Server error. Only testing will tell.

Now before you go install this, you might also want to read this thread [webmasterworld.com] (see post #16) to avoid blocking Google tools, etc.

I strongly suggest you read as much as you can (see citation in post #3 above) before getting involved with mod_rewrite [httpd.apache.org]. It is very powerful, and as a result, it can "mess up" your site with just one typo. On the other hand, the only way to learn it well is to experiment with it - something best done in a separate test subdirectory at first. :) Site search here on WebmasterWorld will turn up lots of good info in addition to that referenced here.

HTH,
Jim

JasonKAR




msg:1503650
 2:27 am on Jun 24, 2003 (gmt 0)

Thanks jdmorgan, you're awesome as always. (Now I'm a little nervous about the mod rewrite engine, however). All I intend to add to the .htaccess file is the following code:

<Files .htaccess>
deny from all
</Files>
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?YOURDOMAIN\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://YOURIPADDRESS
RewriteCond %{HTTP_REFERER}!^http://(www\.)?google\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://216\.239\.
RewriteRule \.(gif¦jpg¦jpeg¦bmp¦png¦mpg¦mpeg¦avi¦wmv¦mov¦asf)$ - [F]

If I have my root level .htaccess file without the above, and test a separate .htaccess file with the above code, in a small subdirectory, would that be an adequate
test? My .htaccess would have no other mod rewrite code than the above...

Thanks much...
JasonKAR

[edited by: JasonKAR at 5:00 am (utc) on June 24, 2003]

jdMorgan




msg:1503651
 2:41 am on Jun 24, 2003 (gmt 0)

JasonKAR,

Yes, a subdirectory test would be a good idea.

But you need to read the links I cited, and some of the citations on those pages as well. Do not attempt to use this handgun without reading the instructions!

The following rule is badly broken, and won't work.

RewriteRule \.(gif?jpg?jpeg?bmp?png?mpg?mpeg?avi?wmv?mov?asf)$ - [F]

Find the reference to regular expressions in this post: Introduction to mod_rewrite [webmasterworld.com]

I'm happy to help you learn this stuff, but plan on at least a day of study time - I'd rather teach you to fish than to give you a fish, as the old saying goes... You won't regret the investment of time.

Jim

JasonKAR




msg:1503652
 5:10 am on Jun 24, 2003 (gmt 0)

Thanks jdmorgan. I've begun reading the suggested refs you pointed out...must say, it's pretty informative, even if one doesn't understand the full utility of each piece. Still, I found the Steve Ramsay reg expression page useful...especially on alternation. I've fixed my bad line above! (It is alternation, correct? Not to be confused with 'alienation' - the feeling one gets by not completely understanding how all the pieces fit together!)

My hosting co. (Hostway) tells me I need to relocate my site to a different server in order to enable mod rewrite, so while I'll be switching over this week, there's no rush...We'll go fishing slowly...

What is the "¦" line called inside the parentheses that denotes this OR alternation? And there should be no space between it and the elements before & after it, correct?

JasonKAR

jdMorgan




msg:1503653
 5:25 am on Jun 24, 2003 (gmt 0)

JasonKAR,

No spaces around "pipes". Note correct use of "?", making the letter "e" optional in "jpeg" and "mpeg", and so avoiding duplication of alternation, a nice formulation to reduce computation... (I'd better quit) ;)

RewriteRule \.(gif¦jpe?g¦bmp¦png¦mpe?g¦avi¦wmv¦mov¦asf)$ - [F]

Jim

JasonKAR




msg:1503654
 6:20 pm on Jun 24, 2003 (gmt 0)

Thanks Jim. Yes, watch out or you can start to sound like something from Doctor Who...!
I've been reading all morning about mod rewrite...a couple quick questions.

The URL 'rewriting' process that's initiated by mod rewrite...does this affect the serving time of your pages/images? Sounds seamless, but never hurts to ask...

Also: are there any characters (besides pipes!) which deserve special attention when cutting & pasting this code? That is, I've noticed the pipes can come out as "?" in my text editor...obviously, I will need to change these...

Thanks.

Jason

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved