Start Free Trial

asked on

Hotlink protect all files in a directory

Hi,

I'm using the following code to hotlink protect all files in a directory, but it isnt working (no error but can download files from everywhere (include direct from browser).
Only allowed to be downloaded from "http://www.savefile.com/" (directories and files) - hosting some subdomains witch isnt allowed to hotlink neither.

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?savefile.com/.*$ [NC]
RewriteRule \.(*)$ - [F]

- What is wrong with my code?

ASKER

I have tried the following, but get a internal server error:

Order Deny,Allow
Deny from all
Allow from savefile.com

ASKER

still open for suggestions :)

This one is based on the cPanel's model, works fine for me. Make sure you have rewrite engine enabled!

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://.*.savefile.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|jpe)$ http://fcelebs.com/images/accessdenied.jpg [R,NC]

usr@name [/home/account/www/]# cat /etc/httpd/conf/httpd.conf | grep rewrite
LoadModule rewrite_module libexec/mod_rewrite.so
AddModule mod_rewrite.c

To answer your question, btw, you have a syntax error.

[Sat Apr 9 16:16:35 2005] [alert] [client 68.13.1.1] /home/fff/public_html/tmp/.htaccess: RewriteRule: cannot compile regular expression '\\.(*)$'\n

ASKER

I'm already using something similar to your suggestions, but how do I prevent all filestypes instead of just those 3 (I have about 30 ext., that I want to hotlink protect)
Also, dosent this allow subdomains of savefile to hotlink (witch I dont want):
RewriteCond %{HTTP_REFERER} !^http://.*.savefile.com/.*$ [NC]

For images:
RewriteRule .*\.(jpg|jpeg|jpe)$ http://fcelebs.com/images/accessdenied.jpg [R,NC]

Add others similiarly...
RewriteRule .*\.(jpg|jpeg|jpe|etc|bmp|txt)$ http://fcelebs.com/images/accessdenied.jpg [R,NC]

ASKER

Can I use a wildcard or something? otherwise I will have to add all 30-40 extentions.

Yes. You can use regular expressions. I'm not good with that, but .* should be one character, followed by any number of characters being any characters present.

ASKER

im using this hotlink protection below, but it's not working 100%

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif)$ http://www.savefile.com [R,NC]

With this tool/checker it's possible to hotlink using a popup: http://coldlink.com/htm/tool.htm
How do I prevent that?

ASKER

... test url:
http://fs01.savefile.com/files/2005/04/11/[www.savefile.com]050411183311_lastpost.gif

Test url worked, I got the savefile.com.

ASKER

try this tool (allow popups): http://coldlink.com/htm/tool.htm
- it dosnet work with popups and telling me to correct it.

Doesn't bring pictures for me, using Firefox.

ASKER

I get it (using IE)

ASKER

I tried to remove the image... thing, and using a wildcard but it dosent work.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$ [NC]
RewriteRule .*\.(.*)$ http://www.savefile.com [R,NC]

Why are these .* in parens? I thought parenthetical expression was used option for option lists?

ASKER

I asked if it was possible to use "wildcard" instead of "gif|jpg|png", and was told to use (.*)
is this wrong?

ASKER

Hi,

I have been using the last 3-4 hours to get this to work, but everything seems to fail.
I'm back using this version, but im able to link directly to the files from my browser.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

- How do I prevent linking directly from the browser?
Ex. http://fs01.savefile.com/files/2005/04/11/[www.savefile.com]050411183311_lastpost.gif

ASKER

it shouldnt be possible to see the image from the link above. How do I prevent that?

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER

perfect, used this one:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://fs01.savefile.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

going to add the 20-30 extentions instead, was not able to get the wildcard to work.
thanks for the help :)

ASKER

I'm still able to link direct to the file by putting the link in the adress field of my browser. Is there a way to prevent this?
All users are comming from one of two pages and should not be able to get the files other ways.

Reverse the logic, right?

RewriteCond %{HTTP_REFERER} ^$

Should now be is blank.

Replaces:
RewriteCond %{HTTP_REFERER} !^$

ASKER

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_REFERER} ^http://savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} ^http://www.savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} ^http://fs01.savefile.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

Something like that?

ASKER

I using the code below witch prevent the user from using the link direct in his browser, but they are now able to link directly from pages. Isnt there a way to make both works (so they cant access it at all, unless they are coming from a savefile.com page)?
http://coldlink.com/htm/tool.htm

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://fs01.savefile.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

What about taking out this line?

RewriteCond .. ^$

...

That should accomplish the desired effect.

I went back and looked at some I did...

Here's one for tacticz.com.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://tacticz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://tacticz.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

And (Allowing direct requests, and sending user to the root robots.org. A jpg would have been nice, but this gives them a nice missing file broken link, which annoys webmasters, and hopefully will get you off their lists. )

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://tacticz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://tacticz.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://robots.org [R,NC]

ASKER

the first one is working perfect :)

Yes of course. I don't know what I was thinking in the earlier post. Let that be a lesson to you (and by you, I mean me) 'bout posting when you wake up before you start the caffeine I.V.