mod_rewrite to stop hotlinking

Forum Moderators: phranque

Message Too Old, No Replies

mod_rewrite to stop hotlinking

using mod_rewrite .htaccess

FaceLikeBambi

8:05 pm on Oct 6, 2005 (gmt 0)

I want mp3, wav and pdf files stored in a specific folder to only be available when accessed from a php file on my site.

A typical php page is:
http://www.example.com/e107_plugins/eplayer/eplayer.php?cat.1.0.10

So I put this .htaccess file in the folder:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^www.example\.com/e107_plugins/eplayer/eplayer\.php.*$ [NC]
RewriteRule \.(wav¦mp3¦pdf)$ - [F]

It blocks any direct links to my files no problem... but also when they are accessed from my php pages? :(

Any suggestions welcomed! Thanks!

[edited by: jdMorgan at 9:14 pm (utc) on Oct. 6, 2005]
[edit reason] Example.com [/edit]

FaceLikeBambi

8:57 pm on Oct 6, 2005 (gmt 0)

Hmmm just noticed lots of these in the server log:

Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /domains/example.com/public_html/e107_files/downloads/wmf_fearless.mp3

Could this explain why it's not working?

Thanks

[edited by: jdMorgan at 9:15 pm (utc) on Oct. 6, 2005]
[edit reason] Example.com [/edit]

jdMorgan

9:12 pm on Oct 6, 2005 (gmt 0)

The error log says you need to add


Options +FollowSymLinks

ahead of RewriteEngine on.

However, you said that your code 'worked' so there's a logical contradiction here... that I can't figure out.

So, test that first, and let us know.

Remember to flush your browser cache after any change to access-control code.

Jim

FaceLikeBambi

12:04 pm on Oct 7, 2005 (gmt 0)

Hiya

Thanks for getting back to me!

I was confused too - with the code in my first post, the files were getting blocked but the error was appearing in my server log every time.

Adding "Options +FollowSymLinks" to the code worked well, and I made a few changes to include a cookie check as follows (my first 'members' page sets the cookie with javascript):

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*mysite.com/ [NC]
RewriteCond %{HTTP_COOKIE} !(^¦(.+;)*)id=valid(;.*¦$)
RewriteRule /* http://%{HTTP_HOST}/ [R,L]

After several hours playing around, I found that this works fine... except Windows Media Player! When linking from mysite.com and with a valid cookie, it just says 'connecting to media...' and then says there is a codec problem. Delete the .htaccess file and it plays fine!

Quicktime played the file no probs.

So... I decided to allow my members to download the files rather than play direct from my site. A work-around... kind of ;)

Jason

[edited by: jdMorgan at 1:33 pm (utc) on Oct. 7, 2005]
[edit reason] Disabled smilies to clarify code [/edit]

jdMorgan

1:35 pm on Oct 7, 2005 (gmt 0)

Media Player doesn't send a referrer. See my comments about blank referrers in this recent thread [webmasterworld.com].

Jim

[edit] Corrected link. [/edit]

[edited by: jdMorgan at 9:33 pm (utc) on Oct. 7, 2005]

FaceLikeBambi

2:06 pm on Oct 7, 2005 (gmt 0)

Yep but I was hoping the cookie approach would get around that.... including a blank referrer opens things up a little too much for my liking ;)

Thanks