Welcome to WebmasterWorld Guest from 54.226.62.251

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

.htaccess & hotlink problem (mysub.mydomain.com)

getting .htaccess to work

     

isaaclloyd

4:21 am on Feb 22, 2005 (gmt 0)

10+ Year Member



Heres what I am trying to get working:

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com/ [NC]
RewriteCond %{HTTP_REFERER}!^http://(subdomain\.)?mydomain\.com/ [NC]
RewriteCond %{HTTP_REFERER}!^$
RewriteRule \.(jpe?g夙if在mp如ng)$ images/nohotlinking.gif [L]

I am trying to get the .htaccess to allow hotlinking from the main domain and the sub domain. However the sub domain does NOT go: www.mydomain.com/subdomain it goes like this: subdomain.mydomain.com

Any help or comments would greatly be apreciated. Thanks.

~Isaac~

P.S. The code above does not work...

jdMorgan

4:59 am on Feb 22, 2005 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Isaac,

Welcome to WebmasterWorld!

In that case, you can simplify your rule set.


RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www存ubdomain\.)?mydomain\.com [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ [b]/i[/b]mages/nohotlinking.gif [L]

"." is equivalent to "!^$", just shorter.

Don't include "/" at the end of domain names. Otherwise, a simple way to break or defeat your rules would be to append a port number, as in "example.com:80/"

I recommend 'rooting' the substitution URL-path unless you have a reason no to.

Note that posting on this board modifies the pipe characters used for in-line ORing. Change the broken pipe "" characters to solid pipes before use!

Jim

isaaclloyd

6:58 am on Feb 22, 2005 (gmt 0)

10+ Year Member



In my old code:

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(secure\.)?newdomain\.net [NC]
RewriteCond %{HTTP_REFERER}!^$
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

I also need one referal to be .net and the code you came up with didn't work for me. Basically I need to be allowed to hotlink from 2 different addresses. One from: http://www.mydomain.com and the other: http://secure.newdomain.net

I apreciate the help. Thanks.

~Isaac~

isaaclloyd

12:15 am on Feb 23, 2005 (gmt 0)

10+ Year Member



Can anyone tell me what I might be doing wrong in this new code I have come up with:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www存ecure\.)?mydomain(.\com.net) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Thanks.

~Isaac~

isaaclloyd

12:28 am on Feb 23, 2005 (gmt 0)

10+ Year Member



sorry for another post... I continue to try an figure this out as I post. Heres what I need, only I need it to work:


RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www存ubdomain\.)?(domain1圬omain2)?\.com\.net [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Any comments or suggestions would greatly be apreciated. Thanks.

~Isaac~

jdMorgan

2:27 am on Feb 23, 2005 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Flush your browser cache (Temporary Internet Files) before each test of modified code. Once an image is in your browser cache, it won't be fetched from your server until the cache expires. If it's not fetched from your server, then serve-side access-control code can have no effect.

Posting on this board modifies the pipe characters used above for in-line ORing. Change the broken pipe "" characters to solid pipes before use!

If you still have problems, please describe the problem and include the contents of your server error log.

Jim

isaaclloyd

7:33 am on Feb 23, 2005 (gmt 0)

10+ Year Member




Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

The code you provided should work. However I am still not seeing the images on the site. The goal of this code is to allow my SSL pages to use the images on the site. I have www.mydomain.com and secure.mydomain.com When I am on a page at secure.mydomain.com it doesn't show the images. Not even the hotlinked image, just a blank space with an X. I got no errors or error logs. It just plainly doesn't show my image. However the page is still secure. The source for any images on the secure pages is: <IMG SRC="images/mypic.jpg"> Thanks again, I do apreciate the help.

~Isaac~

jdMorgan

5:49 pm on Feb 23, 2005 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You'll need to change the "http" in the referer to "https?" in order to allow both secure and insecure pages to access to your images.

Jim

isaaclloyd

6:05 pm on Feb 23, 2005 (gmt 0)

10+ Year Member



Can I do this then:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^(http://多ttps://)(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

Thanks.
~Isaac~

jdMorgan

6:38 pm on Feb 23, 2005 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



No, this is shorter and faster and entirely equivalent:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^htt[b]ps?://[/b](www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

As in the other cases, "?" is a regular-expressions token that makes the preceding character or parenthetically-grouped expressions optional.

Jim

isaaclloyd

6:56 pm on Feb 23, 2005 (gmt 0)

10+ Year Member



It worked! Thank you very much for your help. I do apreciate it.

~Isaac~

supernuke

10:53 pm on Feb 23, 2005 (gmt 0)

10+ Year Member



hi

trying this code then

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

lets say my domain 1 is testing.com and my domain 2 is allowd.net, then i should change the code above for this one?

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.圩older\.)?(testing.com地llowed.net)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

i assume this code doesnt allow direct requests, right?

isaaclloyd

11:33 pm on Feb 23, 2005 (gmt 0)

10+ Year Member



I'm not sure. But from what I have learned, your code should go like this:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.)?(testing地llowed)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

~Isaac~

isaaclloyd

9:29 am on Feb 24, 2005 (gmt 0)

10+ Year Member



Hello again. I thought this code was working for me because it allowed images on my site, and even my secure site. What I later realized is that it allows my images to be viewed no matter what site. The actual "stop hotlinking" part is broken. Here is the end result script we came up with:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.存ubdomain\.)?(domain1圬omain2)\.(com好et) [NC]
RewriteRule \.(jpe?g夙if在mp如ng)$ /images/nohotlinking.gif [L]

If anyone can see anything that might be messing it up, I would greatly apreciate any comments, suggestions, or ideas. When we acutally use the script we DO replace the "" with the real non broken bar. Thanks.

~Isaac~

supernuke

1:25 pm on Feb 24, 2005 (gmt 0)

10+ Year Member



Hello again

i have a little concern about this new code you posted, lets say im trying to allow only the domains: hulk.com that is my domain and spiderman.net that is an external domain i also posses and want to allow hotlinking from there.

then the code should be something like this:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^https?://(www\.存ubdomain\.)?(hulk存piderman)\.(com好et) [NC]
RewriteRule \.(gif多tm)$ hulk.com [L]

all hotlinking attempts should redirect to the index page of hulk.com, but what should i place instead of subdomain in the code?

jdMorgan

2:35 pm on Feb 24, 2005 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



We're getting into trouble here, because it's dangerous to take code and modify it without understanding it. You will be better off using a simple approach at first, and then optimizing it for your needs.

Another point is that you cannot redirect a browser that is requesting an image file to an html page. This will only work for direct URL type-ins of the image URL. Otherwise, the browser can't handle html code when it is expecting an image-format file in response to, say, an <img src="yoursite/image.gif"> request.

You have two choices; return an alternate image, or return a 403-Forbidden response.

Alternate image:


Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your_domain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?other_allowed_domain\.com [NC]
RewriteRule \.(gif夸pe?g)$ /alternate_image.gif [L]


Forbidden response:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your_domain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?other_allowed_domain\.com [NC]
RewriteRule \.(gif夸pe?g)$ - [F]

Get something simple like that working, and then modify it once you've researched how it works and thoroughly understand it. The resources cited in our charter may be useful in that regard.

Replace the broken pipe "¦" characters with solid pipes before use.
Flush your browser cache before testing any change to your access control code.

Jim

supernuke

3:02 pm on Feb 24, 2005 (gmt 0)

10+ Year Member



can i leave it like this?

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?your_domain\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?other_allowed_domain\.com [NC]
RewriteRule \.(gif&#65533;pe?g)$ /alternate_image.gif [L]

in order to prevent direct requests?

edit: ive just used this code, the original one doesnt work as anti-hotlinking because it allows direct requests, and the second one im posting here results into a 404 error page, i think there is something wrong with it