homepage Welcome to WebmasterWorld Guest from 54.227.141.230
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
HTACCESS/modrewrite takes exception to FLASH files?
Flash SWFs are only exception in ModRewrite for strange reason
Rabies




msg:1520893
 7:34 pm on Nov 24, 2002 (gmt 0)

First off, hello I am new here! Secondly, I am intermediate web guy when it comes to server issues, but very newbie when it comes to HTACCESS and HTTPD.CONF. Here's my problem:

I wanted to block hotlinkers from certain files. Now, this is an old issue with plenty of advice on the net. In fact, this thread here was very useful: [webmasterworld.com...]

MY PROBLEM: My HTACCESS / Rewrite does its job in that it will block or redirect links to all files within a particular directory (I have in there, a GIF, JPG, HTML, and a SWF for testing).

I tested by creating a test page on the "approved" site and another test page on a different server entirely. I also tested by typing URLs directly in the browser.

All tests do what they should EXCEPT one: Flash files that are embedded in the "approved" test page will NOT load! (Browser: IE 6.0) Everything else, such as the GIF and JPG loads up fine (since its the test page that SHOULD be allowed to do so). If I removed my HTACCESS file entirely, then that fixes the problem and the Flash files load (but obviously, my files are then open to linkers).

Anyone out there know a solution? I suspect that since Flash files load up in a plug-in rather than directly, something is then not right about the refferer information?
*** And here's another twist: My test page works perfectly in NETSCAPE 4.7. Why would that be?

Here's my HTACCESS FILE:


Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://([a-z0-9-]+\.)*mysite.com/ [NC]
RewriteCond %{HTTP_REFERER}!^http://([a-z0-9-]+\.)*myIP/ [NC]
RewriteRule ^.*$ http://sitetosendthemto.com [L,R]

HELP!

 

jdMorgan




msg:1520894
 7:49 pm on Nov 24, 2002 (gmt 0)

Rabies,

The flash file requests may not be providing a referer - check your logs.
You can try adding an exclusion for the no referer case:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*mysite.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://myIP/ [NC]
RewriteRule .* http://sitetosendthemto.com [L,R]

Jim

Rabies




msg:1520895
 9:01 pm on Nov 24, 2002 (gmt 0)

Unfortunately your suggestion seems to just allow the hotlinking of the Flash files from whatever site.

BUT it's a start! So I've implemented it so far and I see some offending sites now have their link redirected to my home page. But I wonder if it's possible for the redirection to load into a new window ("_blank")? How would the syntax for that go?

RB

jdMorgan




msg:1520896
 9:20 pm on Nov 24, 2002 (gmt 0)

Rabies,

your suggestion seems to just allow the hotlinking of the Flash files

If you qualify that with "without a referer," then that is true. However, if the user's plug-in doesn't provide a referer on flash requests, you don't have a choice. You will have to use more sophisticated referer-less hotlink blocks. Without a referer, you can't tell without analysis whether the request is a hot-link request or a user.

I presume that you still can't load the .swf's.

What does your raw server log show for a failed .swf file request?

Jim

Rabies




msg:1520897
 9:44 pm on Nov 24, 2002 (gmt 0)

I can load the SWFs if I use your additional no-referrer line. But as mentioned, my test pages on other sites also can as a result.

I removed it and tested my old htaccess again and checked the referrer logs so I could answer your question. Guess what? There are no error log entries created for those non-working Flash file requests. Strange is it not?

(I know my log was up to date, because I purposely entered a non-existing page request, to create a record of when I was testing... No entries exist prior to that, with timestamps equal to my test time.)

I'm stumped.

jdMorgan




msg:1520898
 9:56 pm on Nov 24, 2002 (gmt 0)

Rabies,

Check your raw server (request) log, not the error log. I suspect you will find that all (or a majority) of .swf file requests have no referer.

Blocking by referer is problematic, as you have found. Up to 30% of all requests will not have a referer. If you block all referer-less accesses, then it is possible that 25% of your legitimate visitors will think your site is broken. So you're damned if you do, damned if you don't.

I have the same problem with .jpg image files. My policy is simply to check once a week to see if I am getting a lot of requests with the same referer. In that case, I investigate for hot-linking.

HTH,
Jim

Rabies




msg:1520899
 10:22 pm on Nov 24, 2002 (gmt 0)

And if there is hotlinking how do you deal with the problem? It's quite time-consuming to hunt down webmaster contact information and fire off cease-and-desist emails...

;-) RB

jdMorgan




msg:1520900
 10:33 pm on Nov 24, 2002 (gmt 0)

Rabies,

Block by referer if you have one. If not, you can block the user's IP address if you feel you need to.

You can also use mod_rewrite to change the pathname of the .swf files once a week - maybe just change the directory name where you keep them all. In this way, they don't really reside where it looks like they reside. You can use SSI includes, PHP, or PERL to allow you to change the references inside your site without massive multi-file search-and-replace.

Referers (or the lack thereof) are a pain in the posterior anatomy. That's why they rate the "Featured Thread" listing on the WebmasterWorld home page this week! With referers, there is no perfect solution. Too many corporate and ISP proxies block them, as does Norton Internet Security in its default configuration...

Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved