I am trying to establish hotlink protection on my website and having all sorts of problems.
I am on a Zeus webserver thanks to my hosting company, but I have submitted a working .htaccess file from another location to them and they returned a "working" file back to me.
I submitted this:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/donotsteal.jpg [L]
And they returned this:
RULE_0_START:
match URL into $ with \.(jpe?g|gif|bmp|png)$
if not matched then goto RULE_0_END
# Source line 2
# RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC
set SCRATCH:COND = %{IN:Referer}
match SCRATCH:COND into % with ^http://(.+\.)?example\.com/
if matched then goto RULE_0_END
# Source line 3
# RewriteCond %{HTTP_REFERER} !^$
set SCRATCH:COND = %{IN:Referer}
match SCRATCH:COND into % with ^$
if matched then goto RULE_0_END
# Source line 4
# Second half of: RewriteRule \.(jpe?g|gif|bmp|png)$ /Images/donotsteal.jpg [L]
set URL = /Images/donotsteal.jpg
# This rule has [L]
goto END
RULE_0_END:
I can see how it has been altered to work on the Zeus server but the effect it gives is quite weird.
If I start up my browser and the default page comes up, then I browse to the root URL, I get the page displayed with all images showing the error image instead.
It is as if the Zeus code is stopping anyone from getting to the images, including the site's own location.
Can anyone advise?
Many thanks,
Rob.
[edited by: jdMorgan at 11:26 pm (utc) on Mar. 29, 2006]
[edit reason] No URLs, please. See Terms of Service. [/edit]
Welcome to WebmasterWorld!
They changed the logic a bit, but it looks OK. Basically, they set it up to exit if the requested file is not an image, if the referrer is your own site, or if the referrer is blank. Otherwise, they redirect to the donotsteal.jpg replacement image. However, it sounds like the blank-check part is not working, even though it looks like it should -- I know nothing of Zeus's 'mod_rewrite' code, but the code is consistent enough to say that it looks correct.
Alternatively (and maybe more likely), your browser is simply serving you a cached copy of donotsteal.jpg, making your testing invalid -- try flushing your browser cache between tests.
Jim
Thanks for that help.
I've done a few tests now with browser cache clearing and found that it really is not catching the fact that if I am on my own site looking at index.html then I should be able to see the images.
In fact it seems to have looked at the literal referring (previous) page I was at and rejects my image viewing based on that.
So if I'm on index.html and click on the images that take me further into the site, suddenly I get images again - suggesting that now my referrer page is correct to allow images to be presented.
But when I've used htaccess in the past - the web server recognises that you are actually looking at the site through the correct page and does not use the actual referring page as a guide... I'm in contact with Zeus but they are already saying that my host are not doing something normal with the method, which suggests that this could be the problem. Anyone else that has thoughts, it would be wonderful to hear from you.
Rob.
The only way that the server can tell that "you are on your own site" is by using the HTTP_REFERER, unless you use a cookies-and-script solution (pages on your site set the cookie, and the script checks for it before allowing images to be served). However, a request for an image on your home page will be made with the HTTP_REFERER request header set to the URL of your home page, so these image requests should 'work' OK. Perhaps a detailed review of your access logs with this in mind might reveal a problem.
Again, sorry, but I can only speak in generalities, since I haven't used Zeus servers.
Jim
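An added example, not part of any post in this thread: a Python sketch of the access-log review suggested above. It applies the posted rule (image extension, own-site Referer, blank Referer) to each logged request and reports which ones the rule would replace. The Apache "combined" log layout, the function names and the sample log lines are assumptions made for illustration.

```python
import re

# The rule from the thread: image extensions are matched case-sensitively,
# the Referer check carries [NC], and an empty Referer is let through.
IMAGE_RE = re.compile(r"\.(jpe?g|gif|bmp|png)$")
OWN_SITE_RE = re.compile(r"^http://(.+\.)?example\.com/", re.IGNORECASE)

# Assumed log layout (Apache "combined"): "METHOD path PROTO" status bytes "referer"
LOG_RE = re.compile(
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def verdict(path, referer):
    """Classify one request as 'not-image', 'allowed' or 'replaced'."""
    if referer == "-":  # the log writes "-" when no Referer header was sent
        referer = ""
    if not IMAGE_RE.search(path.split("?", 1)[0]):  # ignore any query string
        return "not-image"
    if referer == "" or OWN_SITE_RE.match(referer):
        return "allowed"
    return "replaced"

def review(lines):
    """Return (path, referer, verdict) for every parsable log line."""
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            out.append((m["path"], m["referer"], verdict(m["path"], m["referer"])))
    return out

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2006:21:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Mar/2006:21:00:02 +0000] "GET /images/logo.jpg HTTP/1.1" 200 2048 "http://www.example.com/index.html" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Mar/2006:21:00:03 +0000] "GET /images/logo.jpg HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Mar/2006:21:00:04 +0000] "GET /images/logo.jpg HTTP/1.1" 200 2048 "http://start.example.org/" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Mar/2006:21:05:00 +0000] "GET /images/photo.png HTTP/1.1" 200 9000 "http://forum.example.net/thread/1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, referer, result in review(SAMPLE_LOG):
        print(f"{result:10} {path:22} referer={referer}")
```

Image requests that show up as "replaced" with an off-site Referer while you were browsing your own pages point at the Referer value the server is seeing rather than at the rule itself.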