News:

The "Support Requests" forum is now viewable by guests.

Main Menu

htaccess

Started by infinity, November 28, 2005, 01:07:40 AM

Previous topic - Next topic

sixthcrusifix

#15
I think your best bet is to design a script that renames and accesses files constantly. It might be inconvenient and slow, but if you make a page that links to an image folder, you could crate random numbers, and have the script rename the files based on the numbers, and then set variables. The variables would be echoed into the html content for the filename of the image. the names would actually physically change every time you visite dthe page and hotlinking would be impossible because the urls would  be wrong. You'd have to store the latest names in a database so that you could get to them each time to change there name and resave the new name.

It ends up being very messy and probably would load very slowly, but NOTHING could get through it, hotlinking would be impossible by any means. (Unless nobody ever visited your page and made the filenames change. . . le's hope that's never the case though. :P)


I have another theory of image embedding. What if CSS could plot a single pixil on the screen and it's color? You could make a program that takes images and re-writes them in css plotting. then you'ld just link to the CSS page or stick the css in and you'd have your image. It would be impossible to copy because it wouldn't be a real image. You'd have to do printscreen. My plan failed when I realized that a simple 800x600 image would have TONS of code. Filesizes would actually be bigger than normal images . . but you'd never have to upload mages again! you could just "write" them! :D

And people couldn't hotlink to them because there would be nothing to link to. The negative is that they could view your pages source and copy the code. I'm working out the kinks but I think pseudo-images are the © protectant of the future.

My third idea is Still Video. Most computers can't use prinscreen to copy certain video filetypes (Just go to launch.com and try to use printscreen during a video, you just get a black space) So we should create a filetype that loads the image as that type of video, that constantly loops its 1 frame infinitly. It couldn't be linked to if it was embedded right, like a Real Player RAM file, it couldn't be copy/pasted or printscreened either....
Visite me website at http://www.sixthcrusifix.com

webzone (archived)

surprising... this code :

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]

allowed me to block hotlinking on my website when I tested it a few minutes ago.
obviously, i changed the address to match the one of my website, but it prooves that it works

sixthcrusifix

#17
Quote from: webzone on November 30, 2005, 05:03:05 AM
surprising... this code :

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]

allowed me to block hotlinking on my website when I tested it a few minutes ago.
obviously, i changed the address to match the one of my website, but it prooves that it works

Could you use that to allow Certain Sites to hotlink? Like if I had 2 or 3 I wanted to be able to hotlink from me but not everyone?

ALSO, If you wanted

blahblah.com/sixthcrusifix
to be able to hotlink, but not anyone else from blahblah.com

Could you do that too?
Visite me website at http://www.sixthcrusifix.com

webzone (archived)

#18
@infinity
I just made some checks using wget and your website effectively blocks .gif .jpg and .png requests from any referer other than your own website.
You browser (or some privacy software) might be sending incorrect referer information (or none at all) or the image is still in your cache. Clear your browser cache, then try again.

@sixthcrusifix
I have not tested it, but you might try to add a RewriteCond line for each of your hosts like :
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(.*\.)?google.com(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?freepgs.com/webzone(/.*)?)?$ [NC]

If you try it, could you just leave a note here to tell me if it works?

Quoteblahblah.com/sixthcrusifix
to be able to hotlink, but not anyone else from blahblah.com

Then, simply put blahblah.com/sixthcrusifix as an allowed site. If you do not explicitly allow blahblah.com, then it will be blocked.

sixthcrusifix

Quote from: webzone on November 30, 2005, 05:07:35 AM
@infinity
I just made some checks using wget and your website effectively blocks .gif .jpg and .png requests from any referer other than your own website.

@sixthcrusifix
I have not tested it, but you might try to add a RewriteCond line for each of your hosts like :
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?enviroeeil.yi.org(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(.*\.)?google.com(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?freepgs.com/webzone(/.*)?)?$ [NC]

If you try it, could you just leave a note here to tell me if it works?

Quoteblahblah.com/sixthcrusifix
to be able to hotlink, but not anyone else from blahblah.com

Then, simply put blahblah.com/sixthcrusifix as an allowed site. If you do not explicitly allow blahblah.com, then it will be blocked.


Didn't work for me. It let me link to a jpeg from my site even though I didn't include the site I linked from. Was there any othe rcode supposed to be in there??
Visite me website at http://www.sixthcrusifix.com

webzone (archived)

what did you try exactly?

sixthcrusifix

Quote from: webzone on November 30, 2005, 05:29:10 AM
what did you try exactly?


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?petpages.neopets.com/~jynnxx(/.*)?)?$ [NC]
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?petpages.neopets.com/~___nevermore(/.*)?)?$ [NC]

RewriteRule \.(gif|jpg|png|wav|mp3|mid)$ / [F,L]
Visite me website at http://www.sixthcrusifix.com

webzone (archived)

it is technically supposed to work. however, i must log off so I can't check this tonight. I'll check that out tomorrow, unless someone else finds an answer quicker than me.

sixthcrusifix

Quote from: webzone on November 30, 2005, 05:41:06 AM
it is technically supposed to work. however, i must log off so I can't check this tonight. I'll check that out tomorrow, unless someone else finds an answer quicker than me.

What it ended up doing was blocking most sites but instead of allowing ONLY neopets.com/whatever it let the whole neopets.com access the files. I guess directories don't work.
Visite me website at http://www.sixthcrusifix.com

neosquared

Just a couple notes on this topic.
You should always allow people to view the image if they don't send any referer header at all, because some browsers don't.  (or if they just typed the URL in, it wouldn't send a referer header).
On top of that, you should always let people with google as a referer view images, because you really don't want to alienate visitors coming from the largest search engine ever, do you?
Don't take servers for granted.
Everything is flammable, if you get it hot enough.
Visit my website!  It'll make you cooler!

sixthcrusifix

Quote from: neosquared on November 30, 2005, 09:05:28 AM
Just a couple notes on this topic.
You should always allow people to view the image if they don't send any referer header at all, because some browsers don't.  (or if they just typed the URL in, it wouldn't send a referer header).
On top of that, you should always let people with google as a referer view images, because you really don't want to alienate visitors coming from the largest search engine ever, do you?

YEah I see what you mean. I still like my idea, as slow moving as it would be. It woul dwork great with a gallery where you only have to update 1 name at a time.
Visite me website at http://www.sixthcrusifix.com

webzone (archived)

QuoteYou should always allow people to view the image if they don't send any referer header at all, because some browsers don't.  (or if they just typed the URL in, it wouldn't send a referer header).

If you check the code that I posted, it allows empty referer headers. Of course, a referer check is never a good idea because it works only half of the time and because it is easy to bypass, but it is the easier and faster way to prevent hotlinking.

sixthcrusifix

Quote from: webzone on November 30, 2005, 09:01:03 PM
QuoteYou should always allow people to view the image if they don't send any referer header at all, because some browsers don't.  (or if they just typed the URL in, it wouldn't send a referer header).

If you check the code that I posted, it allows empty referer headers. Of course, a referer check is never a good idea because it works only half of the time and because it is easy to bypass, but it is the easier and faster way to prevent hotlinking.
Hey I did what I said I'd do. The code for this page will store the image name in a MySQL database, it access thenames, changes it snd physically renames the file based on a random number. That waty, everytime somone visites the page the URL changes and hotllinking is impossible. At the moment it does this all at first so that the image can definitely load. If your site sucks and no one revisits the page hotlinking would still be possible. I thought of changing the name AFTER the image is displayed so that the images URL would always be wrong but I was afraid it might keep the images from loading in the first place.

The text around is just debugging stuff: http://crystalchasm.net/MAIN/music/TESTY.php
Visite me website at http://www.sixthcrusifix.com

webzone (archived)

my comment in this thread was relative to the hotlinking protection using .htaccess. the code I posted in this thread effectively allows empty referer headers.

my comment about your code idea was posted in the appropriate thread in "general discussion"...

sixthcrusifix

Quote from: webzone on December 01, 2005, 04:04:53 AM
my comment in this thread was relative to the hotlinking protection using .htaccess. the code I posted in this thread effectively allows empty referer headers.

my comment about your code idea was posted in the appropriate thread in "general discussion"...

oh whoops I have off topic tendencies.

I still can't get my .htaccess files to do what they say. It works if I add mp3|wav|mid in the filetypes too right?
Visite me website at http://www.sixthcrusifix.com