I have used the standard anti-leech protection for a few months; it looks like:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://site-i-allow-to-hotlink-from-me-so-do-not-block/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://mysite [R,NC]
The problem is that my site blocks all people. I cannot exclude a site from the anti-leeching. Even if I set the URL in the script, it still doesn't work. I have about 50 sites listed in the .htaccess on my site, but it's to no use.
Also, perfectly legitimate users are detected as leeching. I used to redirect leechers to a "special" page till I found out that only 1 or two of every ten visitors from a huge site I get traffic from actually sees the page requested...the rest are redirected to the main page. I did that to try and capture them from closing the window like they did on my leech page.
That code is the generic generated version from my host. Is there something better? I read of a mentioning of a blank referer but it simply confused me more when I read the logic behind it.
Is this the right code for what I want, and can anything be added?
Also, I've had people requesting directories get "caught" as leechers even though they were legitimate. The script is only set to images, so why would that happen?
Alternately, I've been thinking of coding something I understand...such as a PHP script which checks the referer and whether a cookie was set when they landed on my site, etc...I know how to do that, but it's so much trouble. If I could cover all files with one script...that's the best choice.
Thank you for any help!
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.com [NC]
RewriteCond %{HTTP_REFERER} !.*search\?q\=cache.* [NC]
RewriteCond %{HTTP_REFERER} !.*search/cache\?.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.otherdomain.com/folder/folder/ [NC]
RewriteRule .*\.(jpg|gif|mpg|mp4|jar|mcp|java)$ [domain.com...] [R,L]
1. allow blank referrers.
2. if referrer is not domain.com or www.domain.com
3. if referrer is not google's cache. Allows G's cache to show the images.
4. if referrer is not yahoo's cache. Allows Y's cache to show the images.
5. Other domain, allowed to hotlink
6. Send requests for these files to homepage
Note: there should be a space between } !
And replace the ¦ with a solid pipe.
To exclude a particular directory on your server from these restrictions, just add another RewriteCond:
...
RewriteCond %{HTTP_REFERER} !^http://www.otherdomain.com/folder/folder/ [NC]
RewriteCond %{REQUEST_URI} !^/path_to_avatar_directory/
RewriteRule \.(jpg|gif|mpg|mp4|jar|mcp|java)$ http://www.domain.com/ [R,L]
Also, I strongly suggest you do not use an external redirect for this purpose, and there is no use trying to redirect an image request (or any embedded <src=.. > request) to an html page -- the browsers simply can't handle it. Either rewrite the image request to a replacement image, or simply return a 403-Forbidden response. Using a replacement image, you could replace any hotlinked image with an image of your URL, saying "This image stolen from mydomain.com -- Visit today!", for example. Video and java hotlink requests should simply be blocked.
So, that makes the RewriteRule either:
RewriteRule \.(jpg|gif|mpg|mp4|jar|mcp|java)$ - [F]
or
RewriteRule \.(jpg|gif)$ /replacement_file.$1 [L]
But about the redirecting from an image to a page: I've read about that in several places, but I've been using that method for over a year now and have not yet seen a problem.
That is, in the case of a request for an image from a not-allowed domain, the server tries to replace the image with a page. Well, that makes no sense. But on the other hand, if someone searches for an image and clicks on the link to go straight to the image, I like it better that the browser is redirected to the front of my site instead of serving a 403 page.
I'd like to have an image display for hotlinked images, but it would appear stretched, etc...which is better than an [x], but I also would like to capture the user if they are directly requesting an image but not from my site.
Still you guys are invaluable. Otherwise I'd still be floundering using trial and error to get what I've seen done.
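The rule set from the replies above, modelled as an added example (not code from any poster in this thread) so it can be checked against sample requests before it goes into .htaccess. The decide function, the sample requests and the choice to combine the replacement-image rule for jpg/gif with a 403 for the other file types are assumptions made for illustration; the last line runs the first post's single-condition rule, where any result other than "serve" means the rule fired.

```python
import re

# Referer patterns from the thread's RewriteCond lines. Each directive is a
# negated match, and mod_rewrite ANDs them, so the rule fires only when the
# referer matches none of these.
ALLOWED_REFERERS = [
    r"^$",                                          # blank referer
    r"^http://(www.)?domain.com",                   # the site itself
    r".*search\?q\=cache.*",                        # Google cache
    r".*search/cache\?.*",                          # Yahoo cache
    r"^http://www.otherdomain.com/folder/folder/",  # permitted hotlinker
]
# The first post's rule as shown there: one allowed site, no blank-referer line.
ORIGINAL_ONLY = [r"^http://site-i-allow-to-hotlink-from-me-so-do-not-block/.*$"]

EXEMPT_URI = r"^/path_to_avatar_directory/"
PROTECTED = r"\.(jpg|gif|mpg|mp4|jar|mcp|java)$"
REPLACEABLE = r"\.(jpg|gif)$"


def decide(uri, referer, allowed=ALLOWED_REFERERS):
    """Return 'serve', 'replace' or 'forbid' for one request."""
    # mod_rewrite tests the RewriteRule pattern before any RewriteCond.
    if not re.search(PROTECTED, uri):
        return "serve"
    if re.search(EXEMPT_URI, uri):
        return "serve"
    # [NC] makes the referer conditions case-insensitive.
    if any(re.search(p, referer, re.IGNORECASE) for p in allowed):
        return "serve"
    # Assumption: images get the replacement file, everything else gets 403.
    return "replace" if re.search(REPLACEABLE, uri) else "forbid"


# Constructed sample requests: (request URI, Referer header).
SAMPLES = [
    ("/photos/cat.jpg", ""),
    ("/photos/cat.jpg", "http://www.domain.com/gallery.html"),
    ("/photos/cat.jpg", "http://WWW.OtherDomain.com/folder/folder/a.html"),
    ("/photos/cat.jpg", "http://forum.example/thread/1"),
    ("/clips/demo.mpg", "http://forum.example/thread/1"),
    ("/path_to_avatar_directory/me.gif", "http://forum.example/thread/1"),
    ("/photos/", "http://forum.example/thread/1"),
]

if __name__ == "__main__":
    for uri, ref in SAMPLES:
        print(f"{uri:35} {ref or '(blank)':50} {decide(uri, ref)}")
    print("first post's rule, blank referer:",
          decide("/photos/cat.jpg", "", ORIGINAL_ONLY))
```

The Referer header is supplied by the client and can be omitted or forged, so these rules curb casual hotlinking but are not access control.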