Bandwidth bandit

Fix it!!

Bandwidth bandit

Postby Matt » Tue Jan 04, 2005 7:04 am

I'm completely new to mod_rewrite. I'm converting from IIS to apache just to leverage this "Voodoo"!

I've read some posts regarding the topic of bandwidth theives. I'm going to build a photo gallery, and I dont want others scumming my photos.

I've found this code on the forum for restricting access to images within the site

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://localhost/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite/images/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG|JPEG|pjpeg).*$ http://mywebsite/images/bad.gif [L,R]

If I do a inline image tag with an absolute path it doesnt serve up my bad image. if I type in the absolute path into the address bar I get the bad image in firefox, but the orginal image shows up in IE.

any clues?

BTW: what's the deal with the russian dude calling everyone suckers?
Matt
 

Postby Caterham » Tue Jan 04, 2005 11:02 am

Code: Select all
BTW: what's the deal with the russian dude calling everyone suckers?
I don't know what happened may be in the past :confused:
but the orginal image shows up in IE.
This is caused by
RewriteCond %{HTTP_REFERER} !^$
there is no referer, if you call a file directly through the browser.
If I do a inline image tag with an absolute path it doesnt serve up my bad image
The absolute path is not the point. The server cannot recognize if that was an absolute path. The browser submits a usual GET-Request to the server. It might be a difference for the browser "how to get the URL (../ -> 2 dirs up etc.)" but not for the GET-Request. What's the referer / URL of that page? It's only about the referer.

Bob
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm

Bandwidth bandit

Postby matt » Wed Jan 05, 2005 7:25 am

Im confused now for sure.

I thought the RewriteRule would prevent other websites from doing this:
Code: Select all
<img src="http://mysite.com/images/someimage.jgp">


I dont really care if users type the absolute path in the address bar, I just dont want them HotLINking to my images.


check this article, I even tried his example, but it didnt work either
http://www.alistapart.com/articles/hotlinking/



thanks for the reply.
Matt [/url][/code]
matt
 

Postby Caterham » Wed Jan 05, 2005 9:08 am

If I do a inline image tag with an absolute path it doesnt serve up my bad image.
Sonds like tested within your website-host??

Does your browser submit the correct referer? Or is your referer blocked by some proxy-servers/firewalls/webwasher etc.?
Caterham
 
Posts: 690
Joined: Fri Dec 10, 2004 1:30 pm

Re: Bandwidth bandit

Postby janra » Wed Jan 05, 2005 5:44 pm

matt wrote:check this article, I even tried his example, but it didnt work either
http://www.alistapart.com/articles/hotlinking/


Ahh, I'm using the same mod_rewrite recipe! I'm having a different problem than you are though, matt.

matt wrote:If I do a inline image tag with an absolute path it doesnt serve up my bad image.


Where are you making this inline image? If it's on your domain, it should show the correct image.

You could try writing out a link to one of your images here, then clicking on it. That should (unless your browser or firewall blocks referers) give you the "bad" image instead of the one you requested.

matt wrote:if I type in the absolute path into the address bar I get the bad image in firefox, but the orginal image shows up in IE


In this case, you should get the good image, because there is no referer sent when you type the URL in directly, and ALA's recipe lets those requests have the good image. Have you tried clearing your browser's cache and doing a forced reload (shift-reload usually)?

-j
janra
 


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 13 guests

cron