[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Hotlink protect all files in a directory

Posted on 2005-04-06
29
Medium Priority
?
277 Views
Last Modified: 2010-03-04
Hi,

I'm using the following code to hotlink protect all files in a directory, but it isnt working (no error but can download files from everywhere (include direct from browser).
Only allowed to be downloaded from "http://www.savefile.com/" (directories and files) - hosting some subdomains witch isnt allowed to hotlink neither.

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?savefile.com/.*$ [NC]
RewriteRule \.(*)$ - [F]

 - What is wrong with my code?
0
Comment
Question by:kgp43
  • 17
  • 12
29 Comments
 

Author Comment

by:kgp43
ID: 13719012
I have tried the following, but get a internal server error:

Order Deny,Allow
Deny from all
Allow from savefile.com
0
 

Author Comment

by:kgp43
ID: 13731682
still open for suggestions :)
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13744970
This one is based on the cPanel's model, works fine for me. Make sure you have rewrite engine enabled!

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://.*.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe)$ http://fcelebs.com/images/accessdenied.jpg [R,NC]

usr@name [/home/account/www/]# cat /etc/httpd/conf/httpd.conf | grep rewrite
LoadModule rewrite_module     libexec/mod_rewrite.so
AddModule mod_rewrite.c
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:Promethyl
ID: 13744975
To answer your question, btw, you have a syntax error.

[Sat Apr  9 16:16:35 2005] [alert] [client 68.13.1.1] /home/fff/public_html/tmp/.htaccess: RewriteRule: cannot compile regular expression '\\.(*)$'\n
0
 

Author Comment

by:kgp43
ID: 13745125
I'm already using something similar to your suggestions, but how do I prevent all filestypes instead of just those 3 (I have about 30 ext., that I want to hotlink protect)
Also, dosent this allow subdomains of savefile to hotlink (witch I dont want):
RewriteCond %{HTTP_REFERER} !^http://.*.savefile.com/.*$      [NC]
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13745141
For images:
RewriteRule .*\.(jpg|jpeg|jpe)$ http://fcelebs.com/images/accessdenied.jpg [R,NC]

Add others similiarly...
RewriteRule .*\.(jpg|jpeg|jpe|etc|bmp|txt)$ http://fcelebs.com/images/accessdenied.jpg [R,NC]

0
 

Author Comment

by:kgp43
ID: 13745801
Can I use a wildcard or something? otherwise I will have to add all 30-40 extentions.
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13745836
Yes. You can use regular expressions. I'm not good with that, but .* should be one character, followed by any number of characters being any characters present.

0
 

Author Comment

by:kgp43
ID: 13758152
im using this hotlink protection below, but it's not working 100%

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif)$ http://www.savefile.com [R,NC]

With this tool/checker it's possible to hotlink using a popup: http://coldlink.com/htm/tool.htm
How do I prevent that?
0
 

Author Comment

by:kgp43
ID: 13758154
... test url:
http://fs01.savefile.com/files/2005/04/11/[www.savefile.com]050411183311_lastpost.gif
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13758430
Test url worked, I got the savefile.com.
0
 

Author Comment

by:kgp43
ID: 13758707
try this tool (allow popups): http://coldlink.com/htm/tool.htm
 - it dosnet work with popups and telling me to correct it.
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13758869
Doesn't bring pictures for me, using Firefox.
0
 

Author Comment

by:kgp43
ID: 13761092
I get it (using IE)
0
 

Author Comment

by:kgp43
ID: 13762797
I tried to remove the image... thing, and using a wildcard but it dosent work.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$      [NC]
RewriteRule .*\.(.*)$ http://www.savefile.com [R,NC]
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13763970
Why are these .* in parens? I thought parenthetical expression was used option for option lists?
0
 

Author Comment

by:kgp43
ID: 13767886
I asked if it was possible to use "wildcard" instead of "gif|jpg|png", and was told to use (.*)
is this wrong?
0
 

Author Comment

by:kgp43
ID: 13780166
Hi,

I have been using the last 3-4 hours to get this to work, but everything seems to fail.
I'm back using this version, but im able to link directly to the files from my browser.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

 - How do I prevent linking directly from the browser?
Ex. http://fs01.savefile.com/files/2005/04/11/[www.savefile.com]050411183311_lastpost.gif

0
 

Author Comment

by:kgp43
ID: 13780173
it shouldnt be possible to see the image from the link above. How do I prevent that?
0
 
LVL 7

Accepted Solution

by:
Promethyl earned 375 total points
ID: 13780801
Assuming the HTTP_REFERER line is present -- and it's sent by the browser -- oh! I see it!.

The subdomain is failing the condition!

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

Should be

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://fs01.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

Or

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://.*.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

0
 

Author Comment

by:kgp43
ID: 13781097
perfect, used this one:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://fs01.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

going to add the 20-30 extentions instead, was not able to get the wildcard to work.
thanks for the help :)
0
 

Author Comment

by:kgp43
ID: 13783971
I'm still able to link direct to the file by putting the link in the adress field of my browser. Is there a way to prevent this?
All users are comming from one of two pages and should not be able to get the files other ways.
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13784111
Reverse the logic, right?

RewriteCond %{HTTP_REFERER} ^$

Should now be is blank.

Replaces:
RewriteCond %{HTTP_REFERER} !^$
0
 

Author Comment

by:kgp43
ID: 13784637
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_REFERER} ^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} ^http://www.savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} ^http://fs01.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]

Something like that?
0
 

Author Comment

by:kgp43
ID: 13784685
I using the code below witch prevent the user from using the link direct in his browser, but they are now able to link directly from pages. Isnt there a way to make both works (so they cant access it at all, unless they are coming from a savefile.com page)?
http://coldlink.com/htm/tool.htm

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_REFERER} !^http://savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.savefile.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://fs01.savefile.com/.*$      [NC]
RewriteRule .*\.(jpg|jpeg|jpe|gif|exe)$ http://www.savefile.com [R,NC]
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13787126
What about taking out this line?


RewriteCond .. ^$

...

That should accomplish the desired effect.
 
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13787151
I went back and looked at some I did...

Here's one for tacticz.com.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://tacticz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://tacticz.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

And (Allowing direct requests, and sending user to the root robots.org. A jpg would have been nice, but this gives them a nice missing file broken link, which annoys webmasters, and hopefully will get you off their lists. )

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://tacticz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://tacticz.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tacticz.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://robots.org [R,NC]
0
 

Author Comment

by:kgp43
ID: 13789425
the first one is working perfect :)
0
 
LVL 7

Expert Comment

by:Promethyl
ID: 13789851
Yes of course. I don't know what I was thinking in the earlier post. Let that be a lesson to you (and by you, I mean me) 'bout posting when you wake up before you start the caffeine I.V.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month18 days, 9 hours left to enroll

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question