Forum Moderators: phranque
I've been happily using .htaccess to prevent image hotlinking, thanks to JDMorgan's great assistance.
Now, however, when I tried to host images for an ebay auction, I find that my .htaccess prevents AOL users from seeing the images. This is only true if they have not turned of the AOL image compression feature and if they use AOL's browser. Of course, that's probably the majority of AOL users!
I'm guessing that the caching feature uses a different URL, so I may not be targeting the correct URL in my RewriteCond.
As a quick fix, I can turn off the hotlinking code. But I'm wondering if anyone knows how to fix it?
I had tried these two approaches.
RewriteCond %{HTTP_REFERER}!^http://(cgi\.¦www\.)?ebay\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(*\.)?ebay\.com [NC]Neither works for AOL compression/caching, but either seemed to work fine with Internet Explorer.
(of course this code was changed by the forum)
RewriteCond %{HTTP_REFERER}!^$The full code I was using is:
# on error send to default doc
ErrorDocument 404 /error.html
ErrorDocument 403 /error.html
ErrorDocument 410 /error.html# allow ssi with .html etal
AddType text/html .shtml .shtm .htm .html
AddHandler server-parsed .shtml .shtm .htm .html
Options +FollowSymLinks +Includes -Indexes
# Block image HotLinks from outside our domain except Google, AltaVista, Gigablast, Comet Systems, and SearchHippo translators and caches
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!11.111\.11\.111/~myURL [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?(myURL¦myOtherURL)\.com [NC]
# for some versions of Netscape, mcomt add a condition to allow images on document.write-created pages
# (wysiwyg://[0-9]*/)? for netscape 4.75 on PC (Mac?)
# (wyciwyg://[0-9]*/)? for Netscape 7 (others?) on Mac
RewriteCond %{HTTP_REFERER}!^(wy[sc]iwyg://[0-9]*/)?http://(www\.)?(myURL¦myOtherURL)\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://216\.239\.(3[2-9]¦[45][0-9]¦6[0-3]).*(www\.)?(myURL¦myOtherURL)\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://babel.altavista.com/.*(www\.)?(myURL¦myOtherURL)\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://216\.243\.113\.1/cgi/
RewriteCond %{HTTP_REFERER}!^http://search.*\.cometsystems\.com/search.*(www\.)?(myURL¦myOtherURL)\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://.*searchhippo\.com.*(www\.)?(myURL¦myOtherURL)\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(cgi\.¦www\.)?ebay\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(*\.)?ebay\.com [NC]
RewriteRule \.(gif¦jpg¦jpeg?¦png)$ - [NC,F]
Just an idea...
Jim
I'm guessing that this is the AOL request:
205.188.209.48 - - [16/Dec/2003:15:03:50 -0800] "GET /ebay/images/outsideBox8.jpg HTTP/1.0" 304 - "http://cgi.aol.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3164948368&category=18997&rd=1" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 7.0; Windows NT 5.1)"Maybe I should rewrite the condition like this:
RewriteCond %{HTTP_REFERER}!^http://(cgi\.¦cgi\.aol\.)ebay\.com [NC]or maybe this is good enough:
RewriteCond %{HTTP_REFERER}!^http://(*\.){1,}ebay\.com [NC]Any thoughts?
RewriteCond %{HTTP_REFERER}!^http://cgi\.(aol\.)?ebay\.com [NC]That one allows for the possibility that "aol." will be added to the referrer by AOL's use of image caching.
I was surprised that the more generic attempt didn't work:
RewriteCond %{HTTP_REFERER}!^http://(*\.){1,}ebay\.com [NC]I wanted to allow one or more clusters of any number of alphanumeric characters followed by a period: "****x.".
Perhaps I misunderstood the way to say this with Regular Expressions?
Maybe I needed to use something like:
RewriteCond %{HTTP_REFERER}!^http://(\.$)+ebay\.com [NC]
One of these should do:
!^http://(.+\.)+ebay\.com
- or just -
!^http://.+\.ebay\.com
Jim
Any of these seem to work with AOL in the AOL browser (as well as in Windows with IE):
RewriteCond %{HTTP_REFERER}!^http://cgi\.(aol\.)?ebay\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(.+\.)+ebay\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://.+\.ebay\.com [NC]
