Bandwidth Theft

Fix it!!

Postby Guest » Tue Nov 23, 2004 12:08 pm

Tom Kagan wrote:The RewriteRule in the above examples can be changed to the following to handle more cases where you do not want hotlinking (Of course, you still need the RewriteCond directives applicable to your site):

RewriteRule .*\.(css|gif|jpg|ico|png|GIF|JPG|jpe|jpeg).*$ - [G,L]

The most important addition in the above change is the .* after the file extension list. This prevents defeating hotlink blocking if the bandwidth pirate adds extra characters to the end of the name (e.g.: http://host.com/mypic.jpg?hotlinkbuster) This change does introduce a limitation, however: You can no longer have a subdirectory named with the same blocked extension (e.g: /adir.icostuff/thefile.html will be blocked).


What f you instead use:

RewriteRule .*\.(css|gif|jpg|ico|png|GIF|JPG|jpe|jpeg)\?.*$ - [G,L]

Shouldn't that allow /adir.icostuff/thefile.html but block http://host.com/mypic.jpg?hotlinkbuster

??
Guest
 

Postby bokehman » Sat Feb 11, 2006 4:41 am

Sorry, I know this thread is old, but, ¿Why does everyone write these terrible static rules. Why not make them dynamic?

Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://%{HTTP_HOST}/ [NC]
RewriteRule \.(css|gif|jpg|ico|png|jpe|jpeg)$ - [NC,F,L]


I would also prefer the follow (what to include rather than exclude).
Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://%{HTTP_HOST}/ [NC]
RewriteRule !\.(htm|html|php|pl)$ - [NC,F,L]
bokehman
 
Posts: 3
Joined: Sat Feb 11, 2006 4:31 am

Previous

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 15 guests

cron