vexx Posted May 6, 2009 Share Posted May 6, 2009 Ok, I have a problem I can't get around for the last 2 days. I have a site and I decided to add a mirror for hosting some files to it. Let's call this site mysite.com . For the mirror, I have added a subdomain mirror.mysite.com In some pages on the site, I have references to some files from mirror.mysite.com. The problem is, I don't want anybody to hotlink them, so basically, I just want the users to get the file when clicking on links from mysite.com. I figured that using the deny allow rules will resolve this problem, but it seems not, or I'm not using it correctly. order deny,allow deny from all allow from mysite.com {tried with ip also} What's wrong here? Quote Link to comment Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 8, 2009 Share Posted May 8, 2009 You can't do this. Each http request is separate from all others. That mean the request for mirror.mysite.com have no idea on what site it came from or even if it was a website or a bookmark or whatever else. When a client initiate a http connection it can provide a REFERER (the previous URL) that can allow you to know where it can from, but since the REFERER is provide by the client it's unreliable, modern browser will provide it, but you can easly fake it with some firefox addon or with php curl() function. Unless you want to install a php solution for this (like login, session, ...) you can rely on REFERER given by the client to deny the mirror. It's unreliable but in real work it may work great since most browser provide a REFERER. In your .htaccess (you will need mod_rewrite module for it to work) : Options +FollowSymLinks <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC] RewriteRule \.(gif|png|jpg)$ - [F] </IfModule> In this example it block all image (gif, png, jpg) if the REFERER don't come from www.mydomain.com or mydomain.com, change it for your need. With this : order deny,allow deny from all allow from 192.168.0.1 In this example everyone except the IP address with 192.168.0.1 are deny. It will allow 192.168.0.1 to request anything (no mater what website it came from) and deny all others request (even if they are caming from the right website). Hope it help Quote Link to comment Share on other sites More sharing options...
vexx Posted May 12, 2009 Author Share Posted May 12, 2009 ok i tried this code in my htaccess: order deny,allow deny from all allow from 192.168.0.1 i blocks everything, but also my site. i tried the site ip at allow, i tried it 192.168.* and i tried it with *.site.com (at allow). Nothing works, the page gives me forbidden everywhere. I'm guessing I don't need to add this code also right? Options +FollowSymLinks <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC] RewriteRule \.(gif|png|jpg)$ - [F] </IfModule> Thank you in advance Quote Link to comment Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 12, 2009 Share Posted May 12, 2009 You didn't read my post at all did you ? I told you what order deny, allo, deny from all actually does, not to use it, isn't the answer to your problem, DO NOT use it. Read my first post. The answer is there. Quote Link to comment Share on other sites More sharing options...
vexx Posted May 12, 2009 Author Share Posted May 12, 2009 i'm sorry, don't know what i was thinking, i was misinterpreted it. I tried your solution, but i didn't block anything. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?site.com/.*$ [NC] RewriteRule \.(rar|exe|zip)$ - [F] </IfModule> i replaced the pictures execs with the ones i posted above. If I try the following link mirror.site.com/folder/file.exe the browser gets it either if it's linked on site.com or i just paste it in a different browser. I hope i didn't got this wrong either Quote Link to comment Share on other sites More sharing options...
gffg4574fghsDSGDGKJYM Posted May 12, 2009 Share Posted May 12, 2009 You need the Options +FollowSymLinks for mod_rewrite to work. Options +FollowSymLinks <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC] RewriteRule \.(rar|exe|zip)$ - [F] </IfModule> Did you change the mydomain.com to yours ? Did you have mod_rewrite installed and test it ? Did you have 'AllowOverride All' in your main apache configuration file (needed to rewrite url) ? Did you clean the browser cache before trying ? What browser are you using ? As i said the REFERER rely on the browser to work (and isn't reliable but in most case it should work). How did you put the link on the page ? I think most <img> <a> are fine, but i'm not sure about how browser sent the REFERER in case of a javascript. I copy/paste this script after testing it from my local apache and it was working for me. Quote Link to comment Share on other sites More sharing options...
vexx Posted May 14, 2009 Author Share Posted May 14, 2009 sorry for the late responde...i got some issues couldn't be at the computer. The browser used is Firefox and the links are hrefs, straight into the html. mod_rewrite is installed, the site has also some links rewritten. I just checked httpd.conf to double check and the following are on: Options All AllowOverride All However, being a cpanel powered server, in the virtualhosts(httpd.conf) for that domain, i have the following: Options -ExecCGI -Includes but i'm not sure if I need to add the +followsymlinks directive here. is this the problem? thx alot for all your help. i greatly appreciate it! Quote Link to comment Share on other sites More sharing options...
vexx Posted May 19, 2009 Author Share Posted May 19, 2009 i tried with +followsymlinks in the virtualhost directory...no go...any idea? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.