Hotlinking protection using .htaccess won't work

Fix it!!

Hotlinking protection using .htaccess won't work

Postby blindlemon1983 » Fri Oct 12, 2007 4:41 am

This is not working...

#To prevent hotlinking
#Exception folder "WebLinks"
RewriteCond %{REQUEST_URI} !^WebLinks$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?africapic\.com [NC]
RewriteRule ^([^.]+\.jpg)$ - [NC,F]

Any ideas? I'm trying to prevent hotlinking of .jpg files on a friends website but its just not working. Would really appreciate any help...
blindlemon1983
 
Posts: 8
Joined: Fri Sep 14, 2007 11:56 am

Postby richardk » Fri Oct 12, 2007 11:15 am

Is that all the mod_rewrite you've got? Test if mod_rewrite is enabled and allowed.

Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{REQUEST_URI} !^/WebLinks(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?africapic\.com(/.*)?$ [NC]
RewriteRule \.jpg$ - [NC,F]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby blindlemon1983 » Fri Oct 12, 2007 11:55 am

Mod rewrite is enabled and allowed.
I do have other code though, here's my full mod-rewrite code...
Code: Select all
Options +FollowSymLinks
RewriteEngine On



RewriteCond %{REQUEST_URI} !^/WebLinks(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?africapic\.com(/.*)?$ [NC]
RewriteRule \.jpg$ - [NC,F]

RewriteRule ^stock-photography-([a-zA-Z_()0-9]+)-([a-zA-Z_()'"0-9]+)-photos-pictures-images-([0-9]+)\.html$ /index.php?pId=102&id=$3&start=0 [L]

# Sitemap URLS
RewriteRule ^(.*)-pictures-([0-9]+)\.html$ /index.php?pId=102&id=$2&start=0 [L]
RewriteRule ^pictures-of-([a-zA-Z_()'"0-9]+)-stock-photography-photos-([0-9]+)\.html$ /index.php?pId=102&id=$2&start=0 [L]

# Sitemap Galleries Previous
RewriteRule ^gallery/([a-zA-Z]+)/([a-zA-Z]+)/([0-9]+).html$ /index.php?category=gallery/$1/$2&start=$3 [L]
RewriteRule ^gallery/([a-zA-Z]+)/([0-9]+).html$ /index.php?category=gallery/$1&start=$2 [L]
RewriteRule ^gallery/([a-zA-Z]+)/([a-zA-Z]+)/([a-zA-Z]+)/([0-9]+).html$ /index.php?category=gallery/$1/$2/$3&start=$4 [L]
RewriteRule ^gallery/([a-zA-Z]+)/([a-zA-Z]+)/([a-zA-Z]+)/([a-zA-Z]+)/([0-9]+).html$ /index.php?category=gallery/$1/$2/$3/$4&start=$5 [L]
blindlemon1983
 
Posts: 8
Joined: Fri Sep 14, 2007 11:56 am

Postby richardk » Fri Oct 12, 2007 12:04 pm

None of the other rules should conflict with it. What problem are you having? Is it blocking too many people, or no one?

Replace
Code: Select all
!^http://(www\.)?africapic\.com(/.*)?$

with
Code: Select all
!^(http://(www\.)?africapic\.com(/.*)?)?$
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby blindlemon1983 » Fri Oct 12, 2007 12:15 pm

Noone (as far as I can tell) gets blocked. http://snake-pictures.blogspot.com/ for instance has images hotlinked from the site but they still show up.
blindlemon1983
 
Posts: 8
Joined: Fri Sep 14, 2007 11:56 am

Postby richardk » Fri Oct 12, 2007 12:56 pm

As a test, try it without any other mod_rewrite.

Also try
Code: Select all
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?africapic\.com(/.*)?)?$ [NC]
RewriteRule \.jpg$ http://www.google.com/intl/en/logos/Logo_60wht.gif [NC,R,L]

They should get the Google logo instead.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby blindlemon1983 » Fri Oct 12, 2007 1:09 pm

Still doesn't work I'm afraid.
blindlemon1983
 
Posts: 8
Joined: Fri Sep 14, 2007 11:56 am

Does anyone know why this is not working??

Postby blindlemon1983 » Fri Oct 12, 2007 2:03 pm

Still can't get this thing figured out. Can anyone help??
blindlemon1983
 
Posts: 8
Joined: Fri Sep 14, 2007 11:56 am

Postby richardk » Fri Oct 12, 2007 2:06 pm

Does
Code: Select all
RewriteRule \.jpg$ http://www.google.com/intl/en/logos/Logo_60wht.gif [NC,R,L]

on it's own work?

If you create a link to /abc and use
Code: Select all
RewriteRule ^abc$ http://www.google.com/search?hl=en&btnG=Google+Search&q=%{HTTP_REFERER} [NC,R,L]

what is the value of q in the address bar/the search field after the redirect?
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby blindlemon1983 » Fri Oct 12, 2007 2:29 pm

OK, the value of q was http://www.africapic.com/sm_40.html (the page I put the link on) so that's working fine. I tried the 1st code you mentioned by itself and it didn't work. The other mod-rewrites work fine its just this one. Wonder why...
blindlemon1983
 
Posts: 8
Joined: Fri Sep 14, 2007 11:56 am

Next

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 8 guests

cron