Solved

prevent hot linking of images Linux Centos

Posted on 2013-12-18
11
893 Views
Last Modified: 2014-01-12
Hi,

I came across this bit of code to prevent hotlinking of my images on https://secure.myultratrust.com and
http://myultratrust.com

I put the following in my httpd.conf file:
SetEnvIfNoCase Referer "^https://secure\.myultratrust\.com/" banimages=1
SetEnvIfNoCase Referer "^http://myultratrust\.com/" banimages=1
SetEnvIfNoCase Referer "^http://www\.myultratrust\.com/" banimages=1
SetEnvIfNoCase Referer "^$" banimages=1
<FilesMatch "\.(gif|png|jpe?g)$">
  Order Allow,Deny
  Allow from env=banimages=1
</FilesMatch>

Open in new window


I then restarted apache. But the above prevents my images from displaying on my own site though.

Also, I tried this in my .htaccess file:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?cyberciti.biz/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F] 

Open in new window


I restarted apache. But I still see the image here:
http://tutorialref.com/test/temp/test_hotlinking.html

https://secure.myultratrust.com/diy/login/images/bottom-separator.png - that's an image to test.

Thank you,
Victor
0
Comment
Question by:Victor Kimura
  • 6
  • 5
11 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39728482
Your image link uses 'https' which isn't considered in your .htaccess file.  And why are you using 'cyberciti.biz' instead of "myultratrust\.com"?

http://www.javascriptkit.com/howto/htaccess10.shtml

Here are some suggestions from Dreamhost:
http://wiki.dreamhost.com/Preventing_hotlinking
0
 

Author Comment

by:Victor Kimura
ID: 39731439
Hi Dave,

Sorry, I posted the wrong code from the .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(secure\.)?myultratrust.com/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F]

Open in new window


I also tried this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myultratrust\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://myultratrust\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://(secure\.)?myultratrust\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpeg|jpg|gif|png)$ - [F]

Open in new window


Both times I restarted apache.

But I can still see the image here:
http://tutorialref.com/test/temp/test_hotlinking.html

What am I doing wrong?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39734424
This works on two of my Linux web sites.
RewriteEngine on  
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|js|css)$ - [F]

Open in new window

0
 

Author Comment

by:Victor Kimura
ID: 39762725
it's strange. but I can still see this image on this page:
http://tutorialref.com/test/temp/test_hotlinking.html

Something else wrong:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(secure\.)?myultratrust.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|js|css)$ - [F]

Open in new window


Maybe a setting?
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
ID: 39762849
If you have 'redirection' setup before the attempt to block the images, then the image block will never be seen.  Try putting that .htaccess code above in the image directory.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:Victor Kimura
ID: 39763035
hmm...I put the code above in an .htaccess file in the image directory at:

https://secure.myultratrust.com/diy/login/images/

restarted apache. Still image is showing up at:
http://tutorialref.com/test/temp/test_hotlinking.html

Is it because it's in a sub-domain and so perhaps I need something extra so the server knows where the images directory is precisely?
0
 

Assisted Solution

by:Victor Kimura
Victor Kimura earned 0 total points
ID: 39763040
I found this bit of code:
RewriteCond expr "! %{HTTP_REFERER} -strmatch '*://%{HTTP_HOST}/*'"
RewriteRule ^/images - [F]

on the apache site:
http://httpd.apache.org/docs/current/mod/mod_rewrite.html

But not quite sure how to change it to match my condition. I find the rewritecond a thing to be grasped still.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39763133
I don't know what to tell you.  'rewrite' has never been all that clear to me.
0
 

Assisted Solution

by:Victor Kimura
Victor Kimura earned 0 total points
ID: 39763179
Haha. Lol. My simple mistake. I'm getting over a cold so I didn't see that I didn't add .png to the line!

Thanks, Dave!

Here's the code for others to use. Works for all subs.

# ------------------------------------------------
# Stop hotlinking of images
# ------------------------------------------------
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(.+\.)?mydomain.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|js|css|png)$ - [F]

Open in new window


I'm just curious what is this line actually mean?
RewriteCond %{HTTP_REFERER} !^$
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39763557
Glad you found it, I didn't even notice that.
0
 

Author Closing Comment

by:Victor Kimura
ID: 39774469
Thanks, Dave! =)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now