preventing hotlinking to web users

Forum Moderators: phranque

Message Too Old, No Replies

preventing hotlinking to web users

My mod_rewrite doesn't affect /~folders/ ..

Warboss Alex

10:20 am on May 7, 2004 (gmt 0)

Hey all,

I'm using mod_rewrite to protect the images on my website, specifically the following code:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://mydomain.com/.*$ "NC"
RewriteCond %{HTTP_REFERER}!^http://www.mydomain.com/.*$ "NC"
RewriteRule .*\.(gif¦GIF¦jpg¦JPG)$ - "F"

This works fine, except for the web users I have on my site.

E.g. a request for [mydomain.com...] works..

I tried putting a different htaccess file in the webuser directory, using

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://mydomain.com/~webuser/.*$ "NC"
RewriteCond %{HTTP_REFERER}!^http://www.mydomain.com/~webuser/.*$ "NC"
RewriteRule .*\.(gif¦GIF¦jpg¦JPG)$ - "F"

But this doesn't seem to work. Any idea what I'm doing wrong? (and yes, I am actually linking the images in an off-site document, not just requesting them directly in the browser..)

jdMorgan

2:45 pm on May 7, 2004 (gmt 0)

If this code works for your main directory, then it should work for your subdirectories as well. This assumes that /~user *is* a subdirectory of your main directory where your mod_rewrite code is installed.

The syntax in your code looks a little strange - specifically, the quotes around the flags instead of square brackets - and you can make it more efficient with the changes below, but if your version works, it works.


RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif¦jpg)$ - [NC,F]

The only things I can think of are A) that the user directories are implented as true, separate virtual hosts, or B) that something else, such as cached copies of the images, is interfering with your testing. If the former, then your rewrite rules will have to be placed in httpd.conf in order to take effect in the user directories. If the latter, then you'll need to flush all the caches between your browser and the server before each test of new code.

Jim

Warboss Alex

4:26 pm on May 7, 2004 (gmt 0)

Your code didn't work, so I went to users directory (/~folder/) and uploaded the following code:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/~folder/.*$ [NC]
RewriteRule \.(gif¦jpg)$ - [F]

And that appears to work .. Also get a 403 Forbidden message when I try to load the file in the browser, but that's assumedly a pleasant side-effect :)

Thanks for your help.

jdMorgan

5:05 pm on May 7, 2004 (gmt 0)

> ...didn't work.

If you cut and past the code, be aware that you'll have to change the "¦" broken pipe character back to to a solid pipe before use.

Based on your original code, you might want to add the [NC] (no case) flag to the RewriteRule to restore the original code's case-insensitivity on image filenames. Also, using ".*$" is redundant -- just leave off the end anchor as shown.


RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/~folder/ [NC]
RewriteRule \.(gif¦jpg)$ - [NC,F]

Jim

Warboss Alex

6:21 pm on May 7, 2004 (gmt 0)

Yeah, I changed the pipe. Or maybe pasted again and forgot to change..

All seems to be working now, though, thanks man.