homepage Welcome to WebmasterWorld Guest from 54.227.141.230
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
.htaccess & hotlink problem (mysub.mydomain.com)
getting .htaccess to work
isaaclloyd




msg:1498840
 4:21 am on Feb 22, 2005 (gmt 0)

Heres what I am trying to get working:

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com/ [NC]
RewriteCond %{HTTP_REFERER}!^http://(subdomain\.)?mydomain\.com/ [NC]
RewriteCond %{HTTP_REFERER}!^$
RewriteRule \.(jpe?g夙if在mp如ng)$ images/nohotlinking.gif [L]

I am trying to get the .htaccess to allow hotlinking from the main domain and the sub domain. However the sub domain does NOT go: www.mydomain.com/subdomain it goes like this: subdomain.mydomain.com

Any help or comments would greatly be apreciated. Thanks.

~Isaac~

P.S. The code above does not work...

 

jdMorgan




msg:1498841
 4:59 am on Feb 22, 2005 (gmt 0)

Isaac,

Welcome to WebmasterWorld!

In that case, you can simplify your rule set.

RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www存ubdomain\.)?mydomain\.com [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ [b]/i[/b]mages/nohotlinking.gif [L]

"." is equivalent to "!^$", just shorter.

Don't include "/" at the end of domain names. Otherwise, a simple way to break or defeat your rules would be to append a port number, as in "example.com:80/"

I recommend 'rooting' the substitution URL-path unless you have a reason no to.

Note that posting on this board modifies the pipe characters used for in-line ORing. Change the broken pipe "" characters to solid pipes before use!

Jim

isaaclloyd




msg:1498842
 6:58 am on Feb 22, 2005 (gmt 0)

In my old code:

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(secure\.)?newdomain\.net [NC]
RewriteCond %{HTTP_REFERER}!^$
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

I also need one referal to be .net and the code you came up with didn't work for me. Basically I need to be allowed to hotlink from 2 different addresses. One from: http://www.mydomain.com and the other: http://secure.newdomain.net

I apreciate the help. Thanks.

~Isaac~

isaaclloyd




msg:1498843
 12:15 am on Feb 23, 2005 (gmt 0)

Can anyone tell me what I might be doing wrong in this new code I have come up with:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www存ecure\.)?mydomain(.\com.net) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Thanks.

~Isaac~

isaaclloyd




msg:1498844
 12:28 am on Feb 23, 2005 (gmt 0)

sorry for another post... I continue to try an figure this out as I post. Heres what I need, only I need it to work:


RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www存ubdomain\.)?(domain1圬omain2)?\.com\.net [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Any comments or suggestions would greatly be apreciated. Thanks.

~Isaac~

jdMorgan




msg:1498845
 2:27 am on Feb 23, 2005 (gmt 0)

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Flush your browser cache (Temporary Internet Files) before each test of modified code. Once an image is in your browser cache, it won't be fetched from your server until the cache expires. If it's not fetched from your server, then serve-side access-control code can have no effect.

Posting on this board modifies the pipe characters used above for in-line ORing. Change the broken pipe "" characters to solid pipes before use!

If you still have problems, please describe the problem and include the contents of your server error log.

Jim

isaaclloyd




msg:1498846
 7:33 am on Feb 23, 2005 (gmt 0)


Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

The code you provided should work. However I am still not seeing the images on the site. The goal of this code is to allow my SSL pages to use the images on the site. I have www.mydomain.com and secure.mydomain.com When I am on a page at secure.mydomain.com it doesn't show the images. Not even the hotlinked image, just a blank space with an X. I got no errors or error logs. It just plainly doesn't show my image. However the page is still secure. The source for any images on the secure pages is: <IMG SRC="images/mypic.jpg"> Thanks again, I do apreciate the help.

~Isaac~

jdMorgan




msg:1498847
 5:49 pm on Feb 23, 2005 (gmt 0)

You'll need to change the "http" in the referer to "https?" in order to allow both secure and insecure pages to access to your images.

Jim

isaaclloyd




msg:1498848
 6:05 pm on Feb 23, 2005 (gmt 0)

Can I do this then:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^(http://多ttps://)(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Thanks.
~Isaac~

jdMorgan




msg:1498849
 6:38 pm on Feb 23, 2005 (gmt 0)

No, this is shorter and faster and entirely equivalent:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^htt[b]ps?://[/b](www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

As in the other cases, "?" is a regular-expressions token that makes the preceding character or parenthetically-grouped expressions optional.

Jim

isaaclloyd




msg:1498850
 6:56 pm on Feb 23, 2005 (gmt 0)

It worked! Thank you very much for your help. I do apreciate it.

~Isaac~

supernuke




msg:1498851
 10:53 pm on Feb 23, 2005 (gmt 0)

hi

trying this code then

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

lets say my domain 1 is testing.com and my domain 2 is allowd.net, then i should change the code above for this one?

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.圩older\.)?(testing.com地llowed.net)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

i assume this code doesnt allow direct requests, right?

isaaclloyd




msg:1498852
 11:33 pm on Feb 23, 2005 (gmt 0)

I'm not sure. But from what I have learned, your code should go like this:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.)?(testing地llowed)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

~Isaac~

isaaclloyd




msg:1498853
 9:29 am on Feb 24, 2005 (gmt 0)

Hello again. I thought this code was working for me because it allowed images on my site, and even my secure site. What I later realized is that it allows my images to be viewed no matter what site. The actual "stop hotlinking" part is broken. Here is the end result script we came up with:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

If anyone can see anything that might be messing it up, I would greatly apreciate any comments, suggestions, or ideas. When we acutally use the script we DO replace the "" with the real non broken bar. Thanks.

~Isaac~

supernuke




msg:1498854
 1:25 pm on Feb 24, 2005 (gmt 0)

Hello again

i have a little concern about this new code you posted, lets say im trying to allow only the domains: hulk.com that is my domain and spiderman.net that is an external domain i also posses and want to allow hotlinking from there.

then the code should be something like this:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.存ubdomain\.)?(hulk存piderman)\.(com好et) [NC]
RewriteRule \.(gif多tm)$ hulk.com [L]

all hotlinking attempts should redirect to the index page of hulk.com, but what should i place instead of subdomain in the code?

jdMorgan




msg:1498855
 2:35 pm on Feb 24, 2005 (gmt 0)

We're getting into trouble here, because it's dangerous to take code and modify it without understanding it. You will be better off using a simple approach at first, and then optimizing it for your needs.

Another point is that you cannot redirect a browser that is requesting an image file to an html page. This will only work for direct URL type-ins of the image URL. Otherwise, the browser can't handle html code when it is expecting an image-format file in response to, say, an <img src="yoursite/image.gif"> request.

You have two choices; return an alternate image, or return a 403-Forbidden response.

Alternate image:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your_domain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?other_allowed_domain\.com [NC]
RewriteRule \.(gif夸pe?g)$ /alternate_image.gif [L]


Forbidden response:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your_domain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?other_allowed_domain\.com [NC]
RewriteRule \.(gif夸pe?g)$ - [F]

Get something simple like that working, and then modify it once you've researched how it works and thoroughly understand it. The resources cited in our charter may be useful in that regard.

Replace the broken pipe "¦" characters with solid pipes before use.
Flush your browser cache before testing any change to your access control code.

Jim

supernuke




msg:1498856
 3:02 pm on Feb 24, 2005 (gmt 0)

can i leave it like this?

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?your_domain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?other_allowed_domain\.com [NC]
RewriteRule \.(gif&#65533;pe?g)$ /alternate_image.gif [L]

in order to prevent direct requests?

edit: ive just used this code, the original one doesnt work as anti-hotlinking because it allows direct requests, and the second one im posting here results into a 404 error page, i think there is something wrong with it

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved