Welcome to WebmasterWorld Guest from 3.226.251.81

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

.htaccess newb needs help on hotlinking

very important to me and my site :(

     
10:22 pm on Dec 22, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:4
votes: 0


ok, i got a huge rescource site up for a mod with a huge files database, my own traffic is about 10gigs per day but because of direct linking to the files i had about 13gb per day only download traffic ...
i have set a .htaccess file now in the with this content:

SetEnvIfNoCase Referer ^http://(<^/>*\.)?www.domain\.tld access_is_ok
SetEnvIfNoCase Referer ^http://(<^/>*\.)?domain\.tld access_is_ok
Order deny,allow
Deny from all
Allow from env=access_is_ok

so ... direct linking and leeching from other sites is not possible anymore... but ...i get email from lots of peoples now telling me that they cant download from my site anymore when a download manager is used.

i thought about setting up a cookie valid for like 30 minutes when you enter my site and .htaccess checks if the cookie exists and is valid when you want to download a file ... but i dont know if that is possible with .htaccess nor how such a file would look like :(

btw. as download system i use Powerdownload 2.2.4

id be glad if someone can help me out with a better solution then mine asap ...

thnx in advance

DJ-Ready

12:22 am on Dec 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


DJ-Ready,

Welcome to WebmasterWorld [webmasterworld.com]!

You need to consider either enabling blank referrers, or allowing access by User-Agent.

Look at your raw server logs for downloads that failed, and see which user-agents appear to be the problem.

Jim

3:09 pm on Dec 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:4
votes: 0


well, i never worked with htaccess before .. and i dont know what you mean with user agent ...
someone gave me another htaccess file that should work... but when i upload that file to my files directory i only get 404 errors when i try do download something on my site :(

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^http://domain.tld/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.domain.tld/.*$ [NC]
RewriteRule .*\.(exe¦rar¦zip¦mp3¦avi)$ [domain.tld...] [R,NC]

im starting to get mad on this .. aaw

4:05 pm on Dec 23, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 28, 2002
posts:564
votes: 0


I read a quote by Eric S Raymond the other day that helped to get the whole mod_rewrite thing into focus for me. He said, "Throughout a Unix system, easy things are easy and hard things are at least possible."

The thing is, protecting your files efficiently is quite hard, but at least it is possible. You can't expect to be able to copy and paste a solution that worked elsewhere and expect it to work for you.

There is no alternative to actually learning what the various components of a .htaccess file (the rewrite conditions, the rewrite rules, the "regular expressions" etc) do and writing your own to do just what you want them to do. It's a tricky but worthwhile project and there are a lot of tips and examples in this forum.

6:00 pm on Dec 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Longhaired Genius speaks the truth.

I can give you examples of allowing blank referrers and allowing certain user-agents regardless of referrer, but what I cannot do is to tell you which is more appropriate for your situation. Again, there is no one-size-fits-all solution.

Allow blank referrers:


RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com [NC]
RewriteRule \.(exe¦rar¦zip¦mp3¦avi)$ - [F]

This allows blank referrers, but also will let some unwelcome downloads occur.

Allow certain downloaders:


RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !^Wget
RewriteCond %{HTTP_USER_AGENT} !^RealDownload
RewriteCond %{HTTP_USER_AGENT} !^SmartDownload
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com [NC]
RewriteRule \.(exe¦rar¦zip¦mp3¦avi)$ - [F]

You'll need to work out which downloaders you want to allow, and what their actual user-agent names are; the above are only examples. The regular-expressions symbols -- e.g.!^$?()\.* -- used to match the user-agent and referrer strings also need to be closely examined -- they need to be precisely correct in order to work as expected.

Only you can make the trade-offs between the various approaches of open access, allowing blank referrers, or allowing only certain downloaders if the referrer address is missing or incorrect.
This Introduction to mod_rewrite [webmasterworld.com] thread is a good start, and contains vital links to tutorials and documentation that you will need to read in order to get comfortable with regular expressions mod_access, and mod_rewrite.

You will need to replace all broken pipe "¦" characters in the code above with the solid pipe from your keyboard.

Jim

10:32 pm on Dec 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:4
votes: 0


hmm ... basically, i only want to be able to download from my site with the normal windows download thingie and most common download managers like flashget, dap, etc... i havent expected that it would be that hard >_<
6:01 am on Dec 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


DJReady,

In that case, the first code snippet from msg#5 above will probably be what you want.

Jim

7:07 am on Dec 24, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:4
votes: 0


ok, thank you ... i think ill change the foldernames for the files once a week via cronjob to make it more save against blank referers ...
but anyways, im very thankfull for your help :D