mod_rewrite, blocking hot linking, virtual hosts & httpd.conf

Forum Moderators: phranque

Message Too Old, No Replies

mod_rewrite, blocking hot linking, virtual hosts & httpd.conf

All mixed up and have searched high and low but no answer

BwanaZulia

11:23 pm on Mar 27, 2004 (gmt 0)

I really looked all around and could not find.

So, I am using Apache to proxy pass back to another server behind Apache and I use virtual hosts to do so. I would like Apache to block any hotlinking of images but everything I read or have found is for .htaccess file and not for httpd.conf

Why does this not work?

<VirtualHost 11.1.1.1.1:80>
ServerName www.domain.com
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.domain.com/.*$ [NC]
RewriteRule ./*\.(gif¦GIF¦jpg¦JPG)$ - [F]
ProxyPass / [11.11.11.11:8080...] etc....
</VirtualHost>

Any help would be very and highly appreciated.

jdMorgan

12:21 am on Mar 28, 2004 (gmt 0)

BZ,

Can you please be more specific when you say "This doesn't work." - What does it do or not do that is unexpected? What is in your front-end server error logs? (I mean the server that this code is in.)

I see several minor problems with the code, but none that I would expect to be fatal.

Jim

BwanaZulia

12:47 am on Mar 28, 2004 (gmt 0)

I mean... it does not block the images from being hot linked.

The server runs fine, seems to everything it is supposed to do, but it is not blocking images (and I have cleared my cache on more than a few browsers).

jdMorgan

1:02 am on Mar 28, 2004 (gmt 0)

Well, the regex in the RewriteRule looked a bit suspect, so maybe try:


<VirtualHost 11.1.1.1.1:80>
ServerName www.domain.com
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com [NC]
RewriteRule \.(gif�jpg)$ - [NC,F]
ProxyPass / http://11.11.11.11:8080/ etc....
</VirtualHost>

This will block any .gif, .GIF, .Jpg, .jPG, etc. file access for which a referer is provided when that referer is not your own domain. Basically, it's functionally almost the same as what you had, but cleaned up.

Jim

BwanaZulia

2:08 pm on Mar 28, 2004 (gmt 0)

Hi Jim,

Thanks for helping. I put this in my httpd.conf, restarted apache and it is still not blocking hot linked images (from other forums).

Am I just going crazy? :)

BwanaZulia

6:28 pm on Mar 29, 2004 (gmt 0)

So should I just take this as undoable?

I should not be able to block hot-linking of images with Apache, virtual hosts and proxy passing to another webserver?

jdMorgan

6:35 pm on Mar 29, 2004 (gmt 0)

No, it should work. But something's not set up right, and I certainly don't know what.

Jim

BwanaZulia

6:58 pm on Mar 29, 2004 (gmt 0)

Man, I really wish I knew why it wasn't working. I mean, the server is up and running just great. No issues.

BwanaZulia

1:49 am on Apr 7, 2004 (gmt 0)

Officially SOL? :)

I went back and tried everything again.

Nada.

jdMorgan

4:27 am on Apr 7, 2004 (gmt 0)

I wonder if the ProxyPass directive is being applied before any mod_rewrite directives are processed, thus by-passing your RewriteRule?

Since no-one else here seems to have tried this configuration, I'll throw out a few suggestions:

First, replace the mod_rewrite code with the equivalent mod_access code. It is possible that it may then be processed before the mod_proxy directives -- I don't know. Something like:


SetEnvIfNoCase Referer "^http://(www\.)?mydomain\.com" allowimages
SetEnvIf Referer "^$" allowimages
<FilesMatch "\.(gif�jpg)$">
Order Allow,Deny
Allow from allowimages
</FilesMatch>

Another thing to try is to break the problem in two. Put a different RewriteRule in there that does something simple, like creating an "alias" URL for a file on the back-end server. Then request that alias name, and see if it works -- basically trying to determine if the problem is in mod_proxy or in mod_rewrite...

An interesting problem -- I wish I knew more about this configuration.

Jim