Welcome to WebmasterWorld Guest from 54.167.153.63

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Hotlinking .htaccess code doesn't seem to be working

   
10:29 am on Feb 19, 2013 (gmt 0)

10+ Year Member



Hi all

I've had an issue with a spate of 404s coming from a mis-named .jpg image that someone is likely hotlinking but has incorrectly written when coding.

So trying to hunt this down, I've looked on logs and webalizer etc and have come across a couple of websites hotlinking images on our site.

Thing is, I have hotlinking code in my .htaccess file to prevent this, so what is happening?

I've written out the code below - anyone let me know if there is an error there which is allowing hotlinking to happen - many thanks in advance.


SetEnvIfNoCase Referer "^https?://www.mainwebsite.co.uk" good
SetEnvIfNoCase Referer "^https?://mainwebsite.co.uk" good
SetEnvIfNoCase Referer "q=cache:.*mainwebsite.co.uk" good
SetEnvIfNoCase Referer "translate_c.*mainwebsite.co.uk" good
SetEnvIfNoCase Referer "^http://www.anotherofmywebsites.com" good
SetEnvIfNoCase Referer "^http://anotherofmywebsites.com" good
SetEnvIfNoCase Referer "q=cache:.*anotherofmywebsites.com" good
SetEnvIfNoCase Referer "translate_c.*anotherofmywebsites.com" good
SetEnvIfNoCase Referer "^http://www.andanotherofmywebsites.co.uk" good
SetEnvIfNoCase Referer "^http://andanotherofmywebsites.co.uk" good
SetEnvIfNoCase Referer "q=cache:.*andanotherofmywebsites.co.uk" good
SetEnvIfNoCase Referer "translate_c.*andanotherofmywebsites.co.uk" good

SetEnvIf Referer "^$" good

<FilesMatch ".(gif|jpe?g)$">
Order Allow,Deny
Allow from env=good
</FilesMatch>
1:06 pm on Feb 19, 2013 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Holy smokes. I don't think I've ever seen it done with mod_setenvif before. The ordinary version uses mod_rewrite.

For starters, delete all NoCase elements. If the referer is in the wrong case, it's fake and you don't want them. As a bonus it will make the whole thing run faster.

Why does this require four separate lines?

SetEnvIfNoCase Referer "^https?://www.mainwebsite.co.uk" good
SetEnvIfNoCase Referer "^https?://mainwebsite.co.uk" good
SetEnvIfNoCase Referer "q=cache:.*mainwebsite.co.uk" good
SetEnvIfNoCase Referer "translate_c.*mainwebsite.co.uk" good

It all boils down to

SetEnvIf Referer mainwebsite\.co\.uk good


You never want to say .* in the middle of a Regular Expression. Constrain it to the exact text that you're matching, or at least [^.]*

Have you ever tested the code? Does it work in principle? Throw together a few lines of html including a call to one of your images, and open the page locally. The referer will come through as something like "http://localhost/" and you should see the door getting slammed in your own face. (I just double-checked this to make sure it doesn't come through with a null referer. Yup, NO HOTLINKS graphic, loud and clear.)

Are those environmental variables used for anything other than authorizing images? If not, toss them inside the <FilesMatch> envelope so the server doesn't have to plow through them at every request. (The mod_rewrite version of the hotlink blocker works on this principle. If the request isn't for an image, you don't even need to evaluate the conditions.)
2:46 pm on Feb 19, 2013 (gmt 0)

10+ Year Member



lucy - if only I knew. I'm really not heavily into this code so basically taken it from examples offered up on forums - such as this one.

Thanks for your help.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month