Hotlink blocking - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Hotlink blocking

bandaiii

9:37 am on Feb 3, 2006 (gmt 0)

10+ Year Member

Hi All,

I have some problems with my outlink blocking, I have tried 2 different methods,
1st
SetEnvIfNoCase Referer "^http://(www\.)?example.com" local_referer
SetEnvIfNoCase Referer "^$" local_referer
<FilesMatch ".mp3">
Order Deny,Allow
Deny from all
Allow from env=local_referer
</FilesMatch>

This one doesn't work at all!

2nd
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^http://([a-z0-9\-]+\.)?example\.com .*$ [NC]
rewriterule .(mp3ŚMP3ŚmP3ŚMp3)$ - [F]

this one does block all outlinking.

What I want to do is to prevent people getting the file from my site, but allow my site visitor see/get my files.

I also used the rewrite_engine to rewrite the url internally, will this be a problem?
Here is the rewrite code:
RewriteCond %{THE_REQUEST} \ /([0-9]+)-([0-9]+)/([^\/]+)(\?.Ś\ .)
RewriteCond %{REQUEST_FILENAME}!main\.php
RewriteRule . /main.php?g2_view=core.DownloadItem&g2_itemId=%1&g2_serialNumber=%2 [QSA,L]

RewriteCond %{THE_REQUEST} \ /([^?]+)(\?.Ś\ .)
RewriteCond %{REQUEST_FILENAME}!main\.php
RewriteRule . /main.php?g2_view=core.ShowItem&g2_path=%1 [QSA,L]

Thanks all.

Sing

[edited by: jdMorgan at 2:03 pm (utc) on Feb. 3, 2006]
[edit reason] No URLs, please. See Terms of Service. [/edit]

Matt Probert

6:36 pm on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

What I want to do is to prevent people getting the file from my site, but allow my site visitor see/get my files.

I assume you mean you don't want any other domain to access your files within their pages? Only within pages from your own domain?

If so:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(mp3)$ - [F]

It's easier if all your MP3s are named in the same case!

Matt

jdMorgan

9:23 pm on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

With a few clean-ups:


RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com [NC]
RewriteRule \.mp3$ - [NC,F]

This version will work if a port number is appended to the hostname, i.e. example.com:80/my.mp3.
It will also work with any mixture of uppercase/lowercase in "mp3".
A few other unnecessary characters removed, because they add no functionality, and it's faster to not process them.

Note: Flush your browser cache before testing any change to access control code. Otherwise your browser will cache the file and serve it from cache, making it appear that the file can still be hotlinked.

This code must (and does) allow blank referrers. It must allow blank referrers because otherwise, many legitimate users will be blocked if they are behind corporate or ISP caching proxies. This means that not all hotlinking can be stopped, but that enough can be stopped so the that the hotlinking sites look broken, and the webmasters are therefore likely to remove the hotlink to your site.

There is no referrer-based method to block hotlinkers that is 100% reliable. If you need better protection, then a cookies-based script is required. Or you can rename your files or file directories periodically to defeat them. Either way, you will probably need a script.

Jim