hotlink protection

         

jvillar

4:21 pm on Jan 8, 2005 (gmt 0)

10+ Year Member



Hello all!

I'm trying to protect my web images from hotlinking!
It's my first time with Linux and Apache, so I have tried some examples copied from the internet like this, but it doesn't work:

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?example\.com/ [NC
RewriteCond %{HTTP_REFERER}!^$
RewriteRule \.(jpe?g¦gif¦bmp¦png)$ images/nohotlink.jpg [L]

My internet host provides me with .htaccess
(AllowOverride, AuthConfig, Indexes, Limit)
directives

Any idea? thanks

jdMorgan

12:11 am on Jan 9, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



jvillar,

Welcome to WebmasterWorld!

Since you didn't say *how* it didn't work, all I can suggest is to try this:


Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g¦gif¦bmp¦png)$ /images/nohotlink.jpg [L]

Change all broken pipe "¦" characters to solid pipe characters before use.

If you get a 500-Server Error, then check your server error log file to see what the problem is.

The references cited in our forum charter [webmasterworld.com] may be useful to you as well.

Jim

jvillar

7:39 am on Jan 9, 2005 (gmt 0)

10+ Year Member



Thank you for your reply!

I'll tell you how it doesn't work! I have been making some attempts since I posted this.

I have now realized that it's just the same effect when I insert real ".htaccess" code or I insert anything else like "afjaklfjñafjla".
It's the same effect.

Before putting .htaccess with any code in my img/ directory, I simply can't access any file in this directory.

I wonder if there's any way to know what's happening? Is there a log file for .htaccess?

Thank you

Marino

10:27 am on Jan 13, 2005 (gmt 0)

10+ Year Member



Hi,

What is your problem exactly? An "Error 500: internal server error"?

If so, here is why: your image "nohotlink.jpg" just matches... your \.(jpe?g¦gif¦bmp¦png)$ regexp, so the request will loop until the "Error 500".

Just try to rename your image as "nohotlink.jPg" (with a capital "P"), so it will not match anymore.

jdMorgan

4:01 pm on Jan 13, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



jvillar,

Marino has indeed spotted a serious flaw in the code. To fix it, simply exclude requests for the replacement image from being rewritten:


Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteCond %{REQUEST_URI} !^/images/nohotlink\.jpg$
RewriteRule \.(jpe?g¦gif¦bmp¦png)$ /images/nohotlink.jpg [L]

Jim

Marino

9:45 am on Jan 14, 2005 (gmt 0)

10+ Year Member



Your solution is actually cleaner than mine.

sakkans

12:56 pm on Jan 29, 2005 (gmt 0)

10+ Year Member



hi.. i want to use hotlink protection for my zip files...

i did what you say.

for example, my link is:
[mydomain.com...]

when i write this to a forum (another site) and click... hotlink protection works well!

but.. if i write this to address bar (about_blank page) and click "go" download is starting...

how can i make this file available for only "clicks" in my site... no outcoming servers! and no "address bar" entry...

thanks ;)

jdMorgan

4:52 pm on Jan 29, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> how can i make this file available for only "clicks" in my site... no outcoming servers! and no "address bar" entry...

You can't -- not with a simple mod_rewrite solution, anyway. The HTTP_REFERER value is notoriously unreliable, and often not present. Therefore, the code must allow blank referrers. Otherwise, it will block many users behind corporate and ISP caching proxies (like AOL), and all users who have Norton Internet Security installed on their machines.

The proper and thorough way to implement hotlink protection is to use a script that checks for a cookie set by your site, and then serves the images (kept in an HTTP-inaccessible directory) only if the cookie is present and correct. For even more security, set the cookie only after the user has logged in.

Jim

sakkans

1:41 am on Jan 30, 2005 (gmt 0)

10+ Year Member



> The proper and thorough way to implement hotlink protection is to use a script that checks for a cookie set by your site, and then serves the images (kept in an HTTP-inaccessible directory) only if the cookie is present and correct. For even more security, set the cookie only after the user has logged in.

how can i do this? i'm like rookie :) but i want to protect my "zip" links...

please help me...

jdMorgan

1:52 am on Jan 30, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This subject is rather advanced, and would require hours to write up in even a cursory way. It's also not Apache-specific.

Try some searches on the web for subjects combining scripts, cookies, access control, and hotlinking. You can probably buy a script to do what you need -- at least one and maybe hundreds (not my area of expertise, so not sure). But that's what it boils down to: learn to code this yourself or pay for it. You could use PHP or Perl for the script, so if you are fluent in either of those popular languages, they're both good choices. We also have forums specifically for those languages here on WebmasterWorld. In fact, they may have already discussed this subject over there.

The short description I gave above can serve as a to-do list for the steps of the project.

Jim
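
The cookie-gated download script Jim outlines above (a cookie set by your own site, checked before serving files kept outside the web root), sketched as an added example that is not from the thread or any of its posters. It uses Python rather than the PHP or Perl he suggests, and the secret, directory, token format and function names are all assumptions.

```python
import hashlib
import hmac
import time
from pathlib import Path

# Assumptions for this sketch (none of these names come from the thread):
SECRET = b"constructed-demo-key"  # server-side secret, never sent to clients
PROTECTED_DIR = Path("/srv/private-downloads")  # outside the web root
TOKEN_TTL = 3600  # cookie lifetime in seconds


def _sign(expiry):
    return hmac.new(SECRET, expiry.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Cookie value your own pages set (ideally after login): '<expiry>.<hmac>'."""
    expiry = str(int(time.time() if now is None else now) + TOKEN_TTL)
    return f"{expiry}.{_sign(expiry)}"


def token_valid(token, now=None):
    """True only if the signature matches and the token has not expired."""
    if not token or not token.isascii():
        return False
    expiry, sep, sig = token.partition(".")
    if not sep or not expiry.isdigit():
        return False
    # Constant-time comparison so the check does not leak the signature.
    if not hmac.compare_digest(sig, _sign(expiry)):
        return False
    return int(expiry) > (time.time() if now is None else now)


def resolve_download(name, token, base=PROTECTED_DIR, now=None):
    """Return (status, path): 403 without a valid cookie, 404 for bad names."""
    if not token_valid(token, now):
        return 403, None
    if "\x00" in name:
        return 404, None
    base = Path(base).resolve()
    target = (base / name).resolve()
    # Refuse names that escape the protected directory, e.g. '../secret'.
    if base not in target.parents or not target.is_file():
        return 404, None
    return 200, target
```

Because the check no longer depends on the Referer header, a request typed into the address bar without the cookie gets a 403, while visitors behind proxies that strip referrers are still served.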