so i found this code:
RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://(www\.)?example\.com/ [NC
RewriteCond %{HTTP_REFERER}!^$
RewriteRule \.(jpe?g¦gif¦bmp¦png)$ images/nohotlink.jpg [L]
but it brings this error
"500 Internal Server Error"
so why?
i replaced example by my site's name
thanks in advance
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
Important: Flush your browser cache before and during testing to prevent unexpected results from browser-cached images.
Jim
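An added example, not part of the posts above: a small Python model of the three tests in Jim's rule set, so the rule can be checked against sample requests before it goes into .htaccess. The function name and the sample referers are constructed, and the forum's broken-bar characters are written as solid pipes.

```python
import re

# RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
OWN_SITE = re.compile(r"^http://(www\.)?example\.com", re.IGNORECASE)
# RewriteRule \.(jpe?g|gif|bmp|png)$ ...  (no [NC] flag, so case-sensitive)
IMAGE = re.compile(r"\.(jpe?g|gif|bmp|png)$")
SUBSTITUTE = "/images/nohotlink.jpg"


def hotlink_target(uri, referer):
    """Return the rewritten path, or None when the request is left alone.

    Hypothetical helper that mirrors the order of checks: the RewriteRule
    pattern first, then both RewriteCond lines, which must all hold.
    """
    if not IMAGE.search(uri):
        return None  # rule pattern does not match, conditions never run
    if not referer:
        return None  # "RewriteCond %{HTTP_REFERER} ." fails on a blank referer
    if OWN_SITE.search(referer):
        return None  # negated condition fails for the site's own pages
    return SUBSTITUTE


if __name__ == "__main__":
    # Constructed sample requests: (requested path, Referer header)
    samples = [
        ("/pics/a.jpg", ""),
        ("/pics/a.jpg", "http://www.example.com/gallery.html"),
        ("/pics/a.jpg", "http://other.test/forum/post1"),
        ("/pics/a.jpg", "https://www.example.com/gallery.html"),
        ("/pics/a.JPG", "http://other.test/forum/post1"),
    ]
    for uri, referer in samples:
        print(f"{uri:14} {referer or '(blank)':40} -> {hotlink_target(uri, referer)}")
```

The last two samples show what to check on a real site: a page served over https sends a referer that the `http://` pattern does not recognise as the site's own, and an upper-case extension is not matched because the rule has no [NC] flag.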
RewriteEngine On
# redirect images
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?anywebsite\.com/ [NC]
RewriteRule \.(gif¦jpe?g?)$ /no.$1 [NC,L]
# block scripts
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?anywebsite\.com/ [NC]
RewriteRule \.(cgi¦pl)$ - [NC,F]
Also, would this not block the cgi based form handler if one were on the site? I think I am having problems with the syntax above as it refers to cgi also. Any feedback would be appreciated.
Jio
-------------------------------
JD,
Yes, I noticed that when pasting the syntax in my reply that the solid pipe characters were replaced with broken pipe characters after posting. I am aware that only solid pipe characters should be in the syntax but thanks for pointing this website's quirky habit out to all of us.
Jio
Every site is different. Some prefer to redirect image hotlinkers to a "special" alternate image, and some prefer to simply return a 403-Forbidden. I prefer the latter, since it dispenses with the problem using minimum bandwidth, and makes the hotlinker's site look broken. But this accounts for the various versions of the hotlink-prevention code you find.
You may need to add an exclusion to prevent rewriting your cgi form handler. Something like:
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteCond %{REQUEST_URI} !^/path_to_your_form_handler\.cgi$
RewriteRule \.(cgi|pl)$ - [NC,F]
Jim
I am unable to determine where the path to the vti bin is. What file(s) should I be looking for? Also, I tried various changes and nothing worked. I ended up deleting everything after the Order directives which I combined as suggested. Only then did the form handler work but now I will not have hotlinking protection or anything else. Any advice or links for review?
Jio
Frontpage and .htaccess don't play nice together. The following thread discusses the problem and a fix: [webmasterworld.com...]
Jim
The old thread [webmasterworld.com...] provided all of the pertinent information that was helpful with my questions. However, when I use the following syntax:
<Limit GET POST>
Order Deny,Allow
Deny from all
Allow from all
</Limit>
I am still unable to access anything on the site and a 403 is issued. So, my questions are these:
1. The syntax above means that nobody is allowed to GET any pages or POST anything to the site if forms or blogs or bb's are used and a SS engine is used to drive the data? Correct?
2. Should the syntax above be changed to "Allow from all" and remove the "Deny from all" so that way anyone can access the site and all its allowable pages? If I were to do this what would the impact be since it allows me to access the site only when I delete "Deny from all" from the syntax above.
3. Is the correct syntax:
Order Deny,Allow
or is it:
Order Allow,Deny
and does it matter whether "Deny from" or "Allow from" appears first underneath the first line of the directive?
As for all of the other issues, I am going through them all one by one to see if I can come up with a workable solution for my needs. It seems as if the older versions of Apache software are contributing to this? Who knows? However, my server is running Apache/1.3.31 Server at www.example.com Port 80.
I will post again once I find something else that needs addressing.
Jio
1. The syntax above means that nobody is allowed to GET any pages or POST anything to the site if forms or blogs or bb's are used and a SS engine is used to drive the data? Correct?
No, it means that anybody is allowed to use any method whatsoever to access your server. The code --as written-- does nothing, because it contains "Allow from all", and the Order Deny,Allow directive specifies that Allow from overrides Deny From.
2. Should the syntax above be changed to "Allow from all" and remove the "Deny from all" so that way anyone can access the site and all its allowable pages? If I were to do this what would the impact be since it allows me to access the site only when I delete "Deny from all" from the syntax above.
There would be no change. You're most likely having problems because you forgot to flush your browser cache after changing the code, which interferes with testing.
3. Is the correct syntax:
Order Deny,Allow
or is it:
Order Allow,Deny
If you reverse the Order, then no one will be able to GET or POST. However, regardless of the order, anyone can DELETE, SEARCH, do a PROPFIND, or whatever. I'd suggest that you either don't need a container like <Limit> at all, or that some other container, such as <Files> might be more appropriate.
and does it matter whether "Deny from" or "Allow from" appears first underneath the first line of the directive?
No, this never makes any difference. Multiple Allow from and Deny from directives are allowed, and can be in any order.
Allow me to suggest that the best use of your time might be to go to the Apache site and read the documentation [httpd.apache.org]. This will help you to understand the code, and help to focus your questions. Then please start your own thread and be very specific, as it's impossible to infer from what is posted here exactly what you're trying to do, and what that has to do with the original thread owner's question.
Jim
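An added example, not part of the thread: a Python model of how Apache 1.3's Order, Allow from and Deny from directives combine inside a <Limit> container, covering the cases discussed in the reply above. The function names and client addresses are constructed, and host matching is simplified to "all" plus full or partial IP addresses.

```python
def host_matches(spec, client_ip):
    """'all' matches every client; otherwise spec is a full or partial IP."""
    if spec.lower() == "all":
        return True
    return client_ip == spec or client_ip.startswith(spec.rstrip(".") + ".")


def order_decision(order, allow, deny, client_ip):
    """True if the client is admitted. The sequence of the Allow from and
    Deny from lines is irrelevant; only the Order directive decides."""
    allowed = any(host_matches(s, client_ip) for s in allow)
    denied = any(host_matches(s, client_ip) for s in deny)
    if order.lower() == "deny,allow":
        # Deny is evaluated first, Allow last; unmatched clients are allowed.
        return allowed or not denied
    if order.lower() == "allow,deny":
        # Allow is evaluated first, Deny last; unmatched clients are denied.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)


def limit_decision(limited, method, order, allow, deny, client_ip):
    """Apply the directives only to methods named in <Limit ...>.
    True for other methods means 'not restricted by this container'."""
    methods = {m.upper() for m in limited}
    if "GET" in methods:
        methods.add("HEAD")  # limiting GET also limits HEAD
    if method.upper() not in methods:
        return True
    return order_decision(order, allow, deny, client_ip)


if __name__ == "__main__":
    client = "203.0.113.7"  # constructed client address
    for order in ("Deny,Allow", "Allow,Deny"):
        for method in ("GET", "POST", "HEAD", "DELETE", "PROPFIND"):
            ok = limit_decision(["GET", "POST"], method, order,
                                ["all"], ["all"], client)
            print(f"Order {order:11} {method:9} -> {'allowed' if ok else '403'}")
```

With Order Deny,Allow, "Deny from all" plus a partial address in Allow from gives the usual allow-list, for example `order_decision("Deny,Allow", ["192.0.2"], ["all"], ip)`.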