Evil Glint Posted December 19, 2010 Share Posted December 19, 2010 I found a similar topic, but it uses .htaccess. I would prefer to keep that disabled, and use http.conf instead. http://www.phpfreaks.com/forums/mod_rewrite/need-help-with-stubborn-hotlinking-prevention-rules/msg1131912/#msg1131912 Also, I don't know if it makes a difference, but my server has four sites I want protected. For the sake of not spamming about my site, I'll call them: example.tk www,example.tk (yes, unlike usual, www points to an entirely different site on my server, with different content) brotherssite.example.tk sisterssite.example.tk Any ideas? Blacklotus' final .htaccess code: Options +FollowSymlinks # no hot-linking RewriteEngine On RewriteCond %{REQUEST_URI} !nohotlinking.gif$ RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?vortexaviation\.ca/ [NC] RewriteCond %{HTTP_REFERER} !google\. [NC] RewriteCond %{HTTP_REFERER} !search\?q=cache [NC] RewriteRule .*\.(gif|jpg|png)$ http://www.vortexaviation.ca/images/nohotlinking.gif [R,NC] Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/ Share on other sites More sharing options...
trq Posted December 19, 2010 Share Posted December 19, 2010 What is the problem exactly? Both RewriteCond and RewriteRule can be used within the global httpd.conf file. Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1149186 Share on other sites More sharing options...
Evil Glint Posted December 19, 2010 Author Share Posted December 19, 2010 I'm new to this, so I didn't realize .htaccess and httpd.conf used the same language. My other question was do I need to make an exeption for each subdomain and the main domain? Such as: Options +FollowSymlinks # no hot-linking RewriteEngine On RewriteCond %{REQUEST_URI} !nohotlinking.gif$ RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://()?example\.tk/ [NC] RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.tk/ [NC] RewriteCond %{HTTP_REFERER} !^http://(brotherssite\.)?example\.tk/ [NC] RewriteCond %{HTTP_REFERER} !^http://(sisterssite\.)?example\.tk/ [NC] RewriteRule .*\.(gif|jpg|png)$ http://example.tk/hotlink.gif [R,NC] Also, I don't know what line five is used for, or if I even need it: RewriteCond %{HTTP_REFERER} !^$ Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1149267 Share on other sites More sharing options...
PFMaBiSmAd Posted December 19, 2010 Share Posted December 19, 2010 HTTP_REFERER is an optional header that can be set to anything, and in fact most web proxy scripts set it to the domain being requested so that the request looks like it came from someone who is viewing a page on your site. Using HTTP_REFERER will stop casual hot-linking and it will stop your legitimate visitors who's browsers don't set it, but it won't stop someone who really wants to hot-link your media files. What sort of problem are you having that you are trying to solve? Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1149273 Share on other sites More sharing options...
Evil Glint Posted December 19, 2010 Author Share Posted December 19, 2010 No problems at the moment. Comcast (my isp) said if there would be a problem if I used too much bandwidth, so, being as paranoid as I am, I'm trying to set up preventive measures. but it won't stop someone who really wants to hot-link your media files.So how do I stop those people? Also, I noticed a typo in the code in my last post, but was unable to edit my post. It should read:Options +FollowSymlinks # no hot-linking RewriteEngine On RewriteCond %{REQUEST_URI} !hotlink.gif$ RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://()?example\.tk/ [NC] RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.tk/ [NC] RewriteCond %{HTTP_REFERER} !^http://(brotherssite\.)?example\.tk/ [NC] RewriteCond %{HTTP_REFERER} !^http://(sisterssite\.)?example\.tk/ [NC] RewriteRule .*\.(gif|jpg|png)$ http://example.tk/hotlink.gif [R,NC] Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1149289 Share on other sites More sharing options...
PFMaBiSmAd Posted December 19, 2010 Share Posted December 19, 2010 To restrict the output of your media files to only those visitors that are either authorized to view them or have actually visited one of your pages, you would need to dynamically output the media files using php code and use a session variable (set on the web page and checked in the php code that outputs the media file) to determine if the media file should be output at all. Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1149291 Share on other sites More sharing options...
trq Posted December 19, 2010 Share Posted December 19, 2010 I'm new to this, so I didn't realize .htaccess and httpd.conf used the same language. .htaccess files are simply a configuration file that applies it's configuration directives to the directory it is within. Apache uses a cascading type of configuration something like (locations and names may differ depending on your distribution) .... /etc/apache2/httpd.conf - global settings /etc/apache2/vhosts/sitename.conf - domain wide settings /var/www/sitename/htdocs/*/.htaccess - directory specific settings. When you look at a directive within the manual (which you should be checking) it tells you what context you can apply that setting too. You can (and should) read about context here: http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Context Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1149364 Share on other sites More sharing options...
Evil Glint Posted December 22, 2010 Author Share Posted December 22, 2010 To restrict the output of your media files to only those visitors that are either authorized to view them or have actually visited one of your pages, you would need to dynamically output the media files using php code and use a session variable (set on the web page and checked in the php code that outputs the media file) to determine if the media file should be output at all.Apparently, I can't read. I went on a wild Google goose chase, and only got anywhere after rereading your post. Great idea! After experimenting with clearing cookies and whatnot, it seems very secure. You can (and should) read about context here: http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Context FINALY! I never can find a simple set of instructions for the Apache httpd.conf file. Google gives me anything I want to know about HTML/CSS/PHP/JavaScript/any-other-internet-coding-language, bet not anything helpful about the httpd.conf file. Thank you very much, PFMaBiSmAd and thorpe! Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1150446 Share on other sites More sharing options...
trq Posted December 22, 2010 Share Posted December 22, 2010 The manual should be the first place you go for anything!!! Quote Link to comment https://forums.phpfreaks.com/topic/222113-how-do-i-prevent-hot-linking/#findComment-1150547 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.