Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

hotlink protection

camocamo New
edited October 2011 in Vanilla 2.0 - 2.8
Hi, Im using a
 dot htaccess
rewrite condition to redirect if an image is hotlinked from my website. It USED TO WORK
BUT NOT ANYMORE
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?camosreptiles.com.au(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|png|jpeg|bmp)$ http://www.camosreptiles.com.au/hotlink.shtml [R,NC]
A few questions:

1. what is the modern way to do this?

2. (if I can sort that) How do I add it to my forum .htacces to use there too? Or can I modify the original (main website .htaccess) to cover both the forum
http://www.camosreptiles.com.au/forum/
and my classifieds
http://www.camosreptiles.com.au/classifieds/

P.S sorry about the other two post, didnt realise writing
dot htaccess 
would screw something.

Tagged:

Best Answer

  • camocamo New
    edited October 2011 Answer ✓
    Ok, after much messing about, The following works

    websites file


    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?camosreptiles.com.au\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]



    include in the forums file


    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?camosreptiles.com.au/forum\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]
    include in classifieds file

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?camosreptiles.com.au/classifieds\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]
    These work and replace images AFTER clearing the cache. but regular visitors are not likely to have a clean cache (having visited the site before)

    How do you stop them?

    Also facebook has no trouble pulling thumbnails still, even without mention of them in the codes??? Mystery!

    I still cannot get hotlinks to redirect to my policy page though! ?


    EDIT: CRAP! now its not working again, WTF? I hate code!

Answers

  • camocamo New
    edited October 2011
    Ok Im now using this

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://camosreptiles.com.au/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://camosreptiles.com.au$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.camosreptiles.com.au/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.camosreptiles.com.au$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?facebook\.com [NC]
    RewriteRule \.(gif|jpg|jpeg|png)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]
    But Id really like to be abl;e to redirect if used in tags

    RewriteRule .*\.(gif|jpg|png|jpeg|bmp)$ http://www.camosreptiles.com.au/hotlink.shtml [R,NC]

    also to include /forum & /classifieds

    My forum file is...

    RewriteEngine On
    # Certain hosts may require the following line.
    # If vanilla is in a subfolder then you need to specify it after the /.
    # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
    RewriteBase /forum
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]

    my classifieds file is

    ErrorDocument 404 /classifieds/content/404.php

    RewriteEngine on
    RewriteBase /classifieds
    RewriteRule ^([0-9]+)$ index.php?page=$1 [L]
    RewriteRule ^install/$ install/ [L]
    RewriteRule ^admin/$ admin/index.php [L]
    RewriteRule ^rss/$ content/feed-rss.php [L]
    RewriteRule ^manage/$ content/item-manage.php [L]
    RewriteRule ^publish-a-new-ad.htm content/item-new.php [L]
    RewriteRule ^contact.htm content/contact.php [L]
    RewriteRule ^terms.htm content/terms.php [L]
    RewriteRule ^privacy-policy.htm content/privacy.php [L]
    RewriteRule ^sitemap.htm content/site-map.php [L]
    RewriteRule ^advanced-search.htm content/search.php [L]
    RewriteRule ^map.htm content/map.php [L]
    RewriteRule ^register-new-account.htm content/account/register.php [L]
    RewriteRule ^login.htm content/account/login.php [L]
    RewriteRule ^logout.htm content/account/logout.php [L]
    RewriteRule ^forgot-my-password.htm content/account/recoverpassword.php [L]
    RewriteRule ^settings.htm content/account/settings.php [L]
    RewriteRule ^my-account/$ content/account/index.php [L]
    RewriteRule ^offer/(.+)/(.+)/$ index.php?category=$1&type=0&location=$2 [L]
    RewriteRule ^offer/(.+)$ index.php?category=$1&type=0 [L]
    RewriteRule ^need/(.+)/(.+)/$ index.php?category=$1&type=1&location=$2 [L]
    RewriteRule ^need/(.+)$ index.php?category=$1&type=1 [L]
    RewriteRule ^classifieds/(.+)/([0-9]+)$ index.php?location=$1&page=$2 [L]
    RewriteRule ^classifieds/(.+)/$ index.php?location=$1 [L]
    RewriteRule ^(.+)/(.+)/(.+)/$ index.php?category=$2&location=$3 [L]
    RewriteRule ^(.+)/(.+)/$ index.php?category=$2 [L]
    RewriteRule ^category/(.+) $1/ [R=301,L]
    RewriteRule ^(.+)/(.+)/(.+)/([0-9]+)$ index.php?category=$2&location=$3&page=$4 [L]
    RewriteRule ^(.+)/$ index.php?category=$1 [L]
    RewriteRule ^(.+)/(.+)/([0-9]+)$ index.php?category=$2&page=$3 [L]
    RewriteRule ^(.+)/([0-9]+)$ index.php?category=$1&page=$2 [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.+)/(.+)/(.+)/(.+)$ /$3/$4-$1.htm [R=301,L]
    RewriteRule ^(.+)/(.+)/(.+)-([0-9]+).htm$ item.php?category=$2&item=$4 [L]
    RewriteRule ^(.+)/(.+)-([0-9]+).htm$ item.php?category=$1&item=$3 [L]

    I DID TRY adding

    RewriteCond %{HTTP_REFERER} !^http://camosreptiles.com.au/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://camosreptiles.com.au$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.camosreptiles.com.au/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.camosreptiles.com.au$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?facebook\.com [NC]
    RewriteRule \.(gif|jpg|jpeg|png)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]
    to both forum and classifieds but it did not work !
  • For some reason my code is not Protecting ALL images at http://www.camosreptiles.com.au/

    onlu some. My front page images are protected, but not my gallery pics (which are just another page) ?? I dont understand this crap!
  • camocamo New
    edited October 2011 Answer ✓
    Ok, after much messing about, The following works

    websites file


    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?camosreptiles.com.au\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]



    include in the forums file


    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?camosreptiles.com.au/forum\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]
    include in classifieds file

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?camosreptiles.com.au/classifieds\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ http://i14.photobucket.com/albums/a345/Instar/nedry2.gif [NC,R,L]
    These work and replace images AFTER clearing the cache. but regular visitors are not likely to have a clean cache (having visited the site before)

    How do you stop them?

    Also facebook has no trouble pulling thumbnails still, even without mention of them in the codes??? Mystery!

    I still cannot get hotlinks to redirect to my policy page though! ?


    EDIT: CRAP! now its not working again, WTF? I hate code!
  • camocamo New
    edited October 2011
    Actually I just realised if I block empty referrers, then anyone using a proxy or behind a firewall etc may not be able to see pics on my site.

    Is a conditional rewrite rule possible? for example:

    If they do this..(anywhere but my domain)

    <img src="http://www.mysite.com.au/mypic.gif"/>

    They get a specific image instead, BUT..

    If they do this....

    <a href="http://www.mysite.com.au/mypic.gif"/><a great pic</a>

    then when the link is clicked, it redirects to a specific page.

    Thats what Id like to do, possible?
  • camocamo New
    edited October 2011
    Heres an example of redirecting to a page thats supposed to work (atleast at the time of writing)

    Here’s how I do it. First, we slap that regex down on the incoming HTTP request to gauge whether it’s a hotlinked image.

    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !underscorebleach\.net [NC]
    RewriteCond %{HTTP_REFERER} !bloglines\.com [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteRule (.*) /view_image.shtml?/$1 [R,NC,L]
    Lines 2 through 6 allow hotlinking from my site, Bloglines, Google, and cached items. I also allow requests with a null HTTP_REFERER value to obtain the image; this occurs in the case of bookmarks, some proxies, some browser settings, some third-party privacy plugins, etc. If you try to get tricky and force users to have a referrer from your own domain, you’re likely to get yourself in trouble. Trust me.

    The last line redirects users to an SHTML page. Notice that I pass the value of the REQUEST_URI as a parameter in the URL to view_image.shtml. In the source, I then use a simple SSI directive to output the image.

    Could a redirect 403 permission denied (custom page) work?
    apache rewrite seems rather inflexable.
Sign In or Register to comment.