homepage Welcome to WebmasterWorld Guest from 54.204.231.253
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
htaccess Anti Hotlink question
htaccess Anti Hotlink question
StopSpam




msg:1514255
 8:48 pm on Apr 14, 2003 (gmt 0)

I have a question related tothe htaccess anti hotlink code:

I use this code in my htaccess file to stop hotlinkers;

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://MyWebSite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://wwWebmasterWorldebSite.com/.*$ [NC]
RewriteRule .*\.(gif¦GIF¦jpg¦JPG)$ [MyWebSite.com...] [R]

My question is if i add cgi¦pl to the RewriteRule .*\ line
would it then also automaticly stop other sites from using my cgi scripts?

i were thinking of chanhing the RewriteRule to :

RewriteRule .*\.(gif¦GIF¦jpg¦JPG¦cgi¦pl)$ [MyWebSite.com...] [R]

Othewr sites should be allowed to link tosome of my cgi scripts.but they may not runthem from there domains.

Will this work?

i look forward to your comments

 

DrDoc




msg:1514256
 8:54 pm on Apr 14, 2003 (gmt 0)

I don't see why it wouldn't work :)

StopSpam




msg:1514257
 9:21 pm on Apr 14, 2003 (gmt 0)

I havent seen anyone using it like this ..
and it sounds in my head almost to good to be treu. ..
so thats why i asked it ;-)

hehe ok i go try it i will report the results.

jdMorgan




msg:1514258
 10:39 pm on Apr 14, 2003 (gmt 0)

StopSpam,

You can make the RewriteRule case-insensitive using the [NC] flag, and you probably should add an [L] flag. Since there is no start anchor, ".*" at the beginning of the pattern is no needed. Redirecting transparently (omitting the [R] flag) prevents them from easily figuring out what happened.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MyWebSite\.com/ [NC]
RewriteRule \.(gifŠjpe?g?ŠcgiŠpl)$ /no.gif [NC,L]

The pattern "http://(www\.)?MyWebSite\.com/" will match your site's domain, with or without "www." No trailing anchor or ".*" is needed.
The pattern "jpe?g?" will match jpeg, jpe, and jpg if you want to cover 'em all.

I would suggest handling your cgi and pl filetype blocks separately from the images. It will make no sense to a browser for a script request to be redirected to a .gif image file. Actually, I suggest creating a "dummy" file for each image type, and then using a rule like this:

RewriteRule .*\.(gifŠjpe?g?)$ /no.$1 [NC,L]

anything.gif gets redirected to no.gif
anything.jpg gets redirected to no.jpg
anything.jpe gets redirected to no.jpe
anything.jpeg gets redirected to no.jpeg

Alternately, you can just block them all and return 403-Forbidden

RewriteRule .*\.(gifŠjpe?g?ŠcgiŠpl)$ - [NC,F]

Summing up, with all the bells and whistles, you'd have:

RewriteEngine on
# redirect images
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MyWebSite\.com/ [NC]
RewriteRule \.(gifŠjpe?g?)$ /no.$1 [NC,L]
# block scripts
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MyWebSite\.com/ [NC]
RewriteRule \.(cgiŠpl)$ - [NC,F]

There's a way to combine and shorten these functions by using the [S] flag, but it's harder to maintain.

Jim

StopSpam




msg:1514259
 1:43 pm on Apr 15, 2003 (gmt 0)

Thx Jim ...

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved