Hiya
I seem to have run into a small problem but that could be me just so I'm not sure.
Anyway I have a htaccess file in my root directory to stop direct linking however it is not working.
I also have some in folders to prevent viewing the index and that is working.
So my problem is how do I get the htaccess to work for the direct linking???
I don't want to open my site until I can get it to work
Thanks for any help.
not sure what you mean by direct linking... if you mean hotlinking (another site using your image inside their page), it is getting harder to block.
many software and devices are now removing or garbling the referer header which is used to allow or block hotlinking. i must also say that blocking hotlinking may cause problems with google image search.
i know this info won't help you a lot, but it may help you reconsider this "protection" which is generally useless.
Hiya
Sorry I did mean hotlinking. it worked before on the other freepgs system not sure why it's not working now.
It possible that you were on Plesk lasttime? Maybe thats why its not working this time...
Ive never been on the plesk system.
Im talking about the sites hosted on freepgs.com
Htaccess to stop hotlinking worked on the system before the fire but now its not.
I thought it was my cache so I cleaned it out but still no good, I even uploaded a image that has not been viewed by my browser and still it does not work it was able to be hotlinked.
Thanks
Could you post the .htaccess file (at least the part you're using for the hotlinking...)
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?freepgs.com/pinkness/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?freepgs.com/pinkness.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Not sure if this is the only error, but I fixed one.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?freepgs.com/pinkness/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?freepgs.com/pinkness.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F,L]
Hi
I tried it with your fix but still the same no change. I honestly donnt know whats up with it.
Does the server allow mod rewrite?
Thanks
mod_rewrite is enabled.
Changes I made in the code below :
- Added an [OR] between two RewriteCond
- Simplify your rewrite code a bit so it will run faster
- Added PNG as a protected extension
Try this :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?freepgs.com/pinkness(/.*)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]
Both examples were originally provided, but the first one seems to be buggy. The second one works :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?freepgs.com/pinkness(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]
Hiya webzone
You are FANTASTIC!!!!! It works like a charm, thank you.
you're welcome
Hiya
Although this is working when I tested it yesterday I never checked my site until now. I had to remove the htaccess because its not allowing the images to load on the site.
It was originally in the main directory so I tried placing it in the same folder as the images but they still would not load. Any suggestions.
Thanks
which code are you using? i realize that there might be something wrong with the first one (i should check this out), but the second one should work as expected. as a reminder, here is the second code :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?freepgs.com/pinkness(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]
Hiya
I just tried the second code and images still can be hotlinked.
The first code prevented hotlinking but also prevented images from showing up on the site.
I think your best bet is to design a script that renames and accesses files constantly. It might be inconvenient and slow, but if you make a page that links to an image folder, you could crate random numbers, and have the script rename the files based on the numbers, and then set variables. The variables would be echoed into the html content for the filename of the image. the names would actually physically change every time you visite dthe page and hotlinking would be impossible because the urls would be wrong. You'd have to store the latest names in a database so that you could get to them each time to change there name and resave the new name.
It ends up being very messy and probably would load very slowly, but NOTHING could get through it, hotlinking would be impossible by any means. (Unless nobody ever visited your page and made the filenames change. . . le's hope that's never the case though. :P)
I have another theory of image embedding. What if CSS could plot a single pixil on the screen and it's color? You could make a program that takes images and re-writes them in css plotting. then you'ld just link to the CSS page or stick the css in and you'd have your image. It would be impossible to copy because it wouldn't be a real image. You'd have to do printscreen. My plan failed when I realized that a simple 800x600 image would have TONS of code. Filesizes would actually be bigger than normal images . . but you'd never have to upload mages again! you could just "write" them! :D
And people couldn't hotlink to them because there would be nothing to link to. The negative is that they could view your pages source and copy the code. I'm working out the kinks but I think pseudo-images are the © protectant of the future.
My third idea is Still Video. Most computers can't use prinscreen to copy certain video filetypes (Just go to launch.com and try to use printscreen during a video, you just get a black space) So we should create a filetype that loads the image as that type of video, that constantly loops its 1 frame infinitly. It couldn't be linked to if it was embedded right, like a Real Player RAM file, it couldn't be copy/pasted or printscreened either....
surprising... this code :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]
allowed me to block hotlinking on my website when I tested it a few minutes ago.
obviously, i changed the address to match the one of my website, but it prooves that it works
Quote from: webzone on November 30, 2005, 05:03:05 AM
surprising... this code :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]
allowed me to block hotlinking on my website when I tested it a few minutes ago.
obviously, i changed the address to match the one of my website, but it prooves that it works
Could you use that to allow Certain Sites to hotlink? Like if I had 2 or 3 I wanted to be able to hotlink from me but not everyone?
ALSO, If you wanted
blahblah.com/sixthcrusifix
to be able to hotlink, but not anyone else from blahblah.com
Could you do that too?
@infinity
I just made some checks using wget and your website effectively blocks .gif .jpg and .png requests from any referer other than your own website.
You browser (or some privacy software) might be sending incorrect referer information (or none at all) or the image is still in your cache. Clear your browser cache, then try again.
@sixthcrusifix
I have not tested it, but you might try to add a RewriteCond line for each of your hosts like :
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(.*\.)?google.com(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?freepgs.com/webzone(/.*)?)?$ [NC]
If you try it, could you just leave a note here to tell me if it works?
Quoteblahblah.com/sixthcrusifix
to be able to hotlink, but not anyone else from blahblah.com
Then, simply put blahblah.com/sixthcrusifix as an allowed site. If you do not explicitly allow blahblah.com, then it will be blocked.
Quote from: webzone on November 30, 2005, 05:07:35 AM
@infinity
I just made some checks using wget and your website effectively blocks .gif .jpg and .png requests from any referer other than your own website.
@sixthcrusifix
I have not tested it, but you might try to add a RewriteCond line for each of your hosts like :
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(.*\.)?google.com(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?freepgs.com/webzone(/.*)?)?$ [NC]
If you try it, could you just leave a note here to tell me if it works?
Quoteblahblah.com/sixthcrusifix
to be able to hotlink, but not anyone else from blahblah.com
Then, simply put blahblah.com/sixthcrusifix as an allowed site. If you do not explicitly allow blahblah.com, then it will be blocked.
Didn't work for me. It let me link to a jpeg from my site even though I didn't include the site I linked from. Was there any othe rcode supposed to be in there??
what did you try exactly?
Quote from: webzone on November 30, 2005, 05:29:10 AM
what did you try exactly?
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?petpages.neopets.com/~jynnxx(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?petpages.neopets.com/~___nevermore(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png|wav|mp3|mid)$ / [F,L]
it is technically supposed to work. however, i must log off so I can't check this tonight. I'll check that out tomorrow, unless someone else finds an answer quicker than me.
Quote from: webzone on November 30, 2005, 05:41:06 AM
it is technically supposed to work. however, i must log off so I can't check this tonight. I'll check that out tomorrow, unless someone else finds an answer quicker than me.
What it ended up doing was blocking most sites but instead of allowing ONLY neopets.com/whatever it let the whole neopets.com access the files. I guess directories don't work.
Just a couple notes on this topic.
You should always allow people to view the image if they don't send any referer header at all, because some browsers don't. (or if they just typed the URL in, it wouldn't send a referer header).
On top of that, you should always let people with google as a referer view images, because you really don't want to alienate visitors coming from the largest search engine ever, do you?
Quote from: neosquared on November 30, 2005, 09:05:28 AM
Just a couple notes on this topic.
You should always allow people to view the image if they don't send any referer header at all, because some browsers don't. (or if they just typed the URL in, it wouldn't send a referer header).
On top of that, you should always let people with google as a referer view images, because you really don't want to alienate visitors coming from the largest search engine ever, do you?
YEah I see what you mean. I still like my idea, as slow moving as it would be. It woul dwork great with a gallery where you only have to update 1 name at a time.
QuoteYou should always allow people to view the image if they don't send any referer header at all, because some browsers don't. (or if they just typed the URL in, it wouldn't send a referer header).
If you check the code that I posted, it allows empty referer headers. Of course, a referer check is never a good idea because it works only half of the time and because it is easy to bypass, but it is the easier and faster way to prevent hotlinking.
Quote from: webzone on November 30, 2005, 09:01:03 PM
QuoteYou should always allow people to view the image if they don't send any referer header at all, because some browsers don't. (or if they just typed the URL in, it wouldn't send a referer header).
If you check the code that I posted, it allows empty referer headers. Of course, a referer check is never a good idea because it works only half of the time and because it is easy to bypass, but it is the easier and faster way to prevent hotlinking.
Hey I did what I said I'd do. The code for this page will store the image name in a MySQL database, it access thenames, changes it snd physically renames the file based on a random number. That waty, everytime somone visites the page the URL changes and hotllinking is impossible. At the moment it does this all at first so that the image can definitely load. If your site sucks and no one revisits the page hotlinking would still be possible. I thought of changing the name AFTER the image is displayed so that the images URL would always be wrong but I was afraid it might keep the images from loading in the first place.
The text around is just debugging stuff: http://crystalchasm.net/MAIN/music/TESTY.php
my comment in this thread was relative to the hotlinking protection using .htaccess. the code I posted in this thread effectively allows empty referer headers.
my comment about your code idea was posted in the appropriate thread in "general discussion"...
Quote from: webzone on December 01, 2005, 04:04:53 AM
my comment in this thread was relative to the hotlinking protection using .htaccess. the code I posted in this thread effectively allows empty referer headers.
my comment about your code idea was posted in the appropriate thread in "general discussion"...
oh whoops I have off topic tendencies.
I still can't get my .htaccess files to do what they say. It works if I add mp3|wav|mid in the filetypes too right?
adding extensions to the .htaccess protection won't cause a problem. this time, i tested it.
but i still can't seem to get the code allowing multiple referer domains to work as intended.
This is typically because you do not have the correct flags at the end of the rules or conditions (in []) to specify if this is the last rule, etc.
Please see http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html for more information. You may need to use [OR] on the RewriteCond lines for example.
Thank you,
FreePgs.com Admin
Example: Your site url is www.example.com. To stop hotlinking images from an outside domain and display an image called nohotlink.jpg instead, use this code in your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ images/nohotlink.jpg [L]
To allow hotlinking images only if the REFERER (sic) is from a specific directory from your domain:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/dir/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png)$ images/nohotlink.jpg [L]
To stop hotlinking images from specific outside domains only, named badsite.net and badsite.com:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC
RewriteRule \.(jpe?g|gif|bmp|png)$ images/nohotlink.jpg [L]
Limit bandwidth usage by returning a 403 forbidden code. Replace the last line of the previous examples with this line:
RewriteRule \.(jpe?g|gif|bmp|png)$ - [F]
Warning: Do not use .htaccess to redirect image hotlinks to another HTML page or server that isn't your own (such as this web page). Hotlinked images can only be redirected to other images, not to HTML pages.
As with any .htaccess rewrites, you may block some legitimate traffic (such as users behind proxies or privacy firewalls) using these techniques.
source: http://altlab.com/htaccess_tutorial.html
The two first examples mostly come to the exact same thing that the code I provided does. In fact, my code is mostly a compressed version of this.
By the way, there are many missing ] in the samples. It should be [NC], for instance.
i had tried your sample but your first sample blocks all images and the second can be still hotlinked...
you should test your sample thoroughly
i did all the necessary tests already. i admitted soon after i added my post that the first example might not work. however, the second one works well and really disables hotlinking.
Quoteyou should test your sample thoroughly
or maybe should you use my samples better?
i mean : it works. i made all necessary tests and even more. i'm using it (temporarily) right now.
---
correction (5:55) : I also tested the code with more than one RewriteCond line and it works. My code can really restrict to directories and can allow multiple hosts (by using more than one RewriteCond in a row). Note however, that there is a little difference between the tested code and the published one (this error has been fixed since) where the dash (-) in RewriteRule was changed to a backslash.