Solved

prevent hot linking of images Linux Centos

Posted on 2013-12-18
11
920 Views
Last Modified: 2014-01-12
Hi,

I came across this bit of code to prevent hotlinking of my images on https://secure.myultratrust.com and
http://myultratrust.com

I put the following in my httpd.conf file:
SetEnvIfNoCase Referer "^https://secure\.myultratrust\.com/" banimages=1
SetEnvIfNoCase Referer "^http://myultratrust\.com/" banimages=1
SetEnvIfNoCase Referer "^http://www\.myultratrust\.com/" banimages=1
SetEnvIfNoCase Referer "^$" banimages=1
<FilesMatch "\.(gif|png|jpe?g)$">
  Order Allow,Deny
  Allow from env=banimages=1
</FilesMatch>

Open in new window


I then restarted apache. But the above prevents my images from displaying on my own site though.

Also, I tried this in my .htaccess file:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?cyberciti.biz/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F] 

Open in new window


I restarted apache. But I still see the image here:
http://tutorialref.com/test/temp/test_hotlinking.html

https://secure.myultratrust.com/diy/login/images/bottom-separator.png - that's an image to test.

Thank you,
Victor
0
Comment
Question by:Victor Kimura
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39728482
Your image link uses 'https' which isn't considered in your .htaccess file.  And why are you using 'cyberciti.biz' instead of "myultratrust\.com"?

http://www.javascriptkit.com/howto/htaccess10.shtml

Here are some suggestions from Dreamhost:
http://wiki.dreamhost.com/Preventing_hotlinking
0
 

Author Comment

by:Victor Kimura
ID: 39731439
Hi Dave,

Sorry, I posted the wrong code from the .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(secure\.)?myultratrust.com/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F]

Open in new window


I also tried this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myultratrust\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://myultratrust\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://(secure\.)?myultratrust\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpeg|jpg|gif|png)$ - [F]

Open in new window


Both times I restarted apache.

But I can still see the image here:
http://tutorialref.com/test/temp/test_hotlinking.html

What am I doing wrong?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39734424
This works on two of my Linux web sites.
RewriteEngine on  
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|js|css)$ - [F]

Open in new window

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:Victor Kimura
ID: 39762725
it's strange. but I can still see this image on this page:
http://tutorialref.com/test/temp/test_hotlinking.html

Something else wrong:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(secure\.)?myultratrust.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|js|css)$ - [F]

Open in new window


Maybe a setting?
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
ID: 39762849
If you have 'redirection' setup before the attempt to block the images, then the image block will never be seen.  Try putting that .htaccess code above in the image directory.
0
 

Author Comment

by:Victor Kimura
ID: 39763035
hmm...I put the code above in an .htaccess file in the image directory at:

https://secure.myultratrust.com/diy/login/images/

restarted apache. Still image is showing up at:
http://tutorialref.com/test/temp/test_hotlinking.html

Is it because it's in a sub-domain and so perhaps I need something extra so the server knows where the images directory is precisely?
0
 

Assisted Solution

by:Victor Kimura
Victor Kimura earned 0 total points
ID: 39763040
I found this bit of code:
RewriteCond expr "! %{HTTP_REFERER} -strmatch '*://%{HTTP_HOST}/*'"
RewriteRule ^/images - [F]

on the apache site:
http://httpd.apache.org/docs/current/mod/mod_rewrite.html

But not quite sure how to change it to match my condition. I find the rewritecond a thing to be grasped still.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39763133
I don't know what to tell you.  'rewrite' has never been all that clear to me.
0
 

Assisted Solution

by:Victor Kimura
Victor Kimura earned 0 total points
ID: 39763179
Haha. Lol. My simple mistake. I'm getting over a cold so I didn't see that I didn't add .png to the line!

Thanks, Dave!

Here's the code for others to use. Works for all subs.

# ------------------------------------------------
# Stop hotlinking of images
# ------------------------------------------------
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(.+\.)?mydomain.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|js|css|png)$ - [F]

Open in new window


I'm just curious what is this line actually mean?
RewriteCond %{HTTP_REFERER} !^$
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39763557
Glad you found it, I didn't even notice that.
0
 

Author Closing Comment

by:Victor Kimura
ID: 39774469
Thanks, Dave! =)
0

Featured Post

Application Discovery Service in AWS

In the era of the cloud, customers migrating away from their existing on-premise infrastructure. This requires lots of planning, strategies, and effort to identify their existing resources and determine how best to migrate.  Datacenter migrations happen in four phases -

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question