Hotlinking protection? - GoFuckYourself.com

alexg · 04-02-2004, 04:15 AM

Can someone give me the code to put in the .htaccess file to prevent direct linking to pics on my domain, from outside of my domain? thanks

swedguy · 04-02-2004, 04:18 AM

http://www.google.com/search?sourcei...ink+protection
http://www.google.com/search?num=30&...tlink+htaccess

Gheenz · 04-02-2004, 04:19 AM

http://www.htmlbasix.com/

alexg · 04-02-2004, 05:55 AM

can someone just give me the code to put? I'm sure a lot of you use that code already, so please just copy it for me..it should be a simple code

swedguy · 04-02-2004, 05:57 AM

You Sir, are LAZY!

jimmyf · 04-02-2004, 05:58 AM

Apache Rewrite Module
The mod_rewrite Apache module is one of the best tools you can have on
your server to help prevent unauthorized sites "hotlinking" your images
or other files. Providing that your server has been set up for it,
you can use this module for a number of things.

To prevent unauthorised use of files and images
To hide the real location of files on the server
To translate script input from one format to another
To redirect the user based on...
time of day
file they accessed
network they are connecting from
or anything else that can identify them as part of a "group" of users
Preventing Hotlinking
The most common use of the RewriteEngine is to limit access to specific file
types on the server. To do this, you will need to add some rules and
conditions to your .htaccess file so that the server knows what to look
for and what to do when it finds requests that don't meet the criteria.

When editing your .htaccess file it is recommended that you use Notepad
or equivalant to keep the file clean. Remember to upload the file
in ASCII mode!

Here is a generic version of the code you will want to use. Of course you
will need to make changes before it will work the way you want it to;
replace all instances of you.com with your own domain name and add or
remove file types as you see fit.

Rewriteengine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://your_domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.your_domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.trusted.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$ - [F]

How does it Work?
It's all very well having the code, but you may be interested to know how
it works so that you can have a go at editing it to behave more like you
want it to. If you ever want to disable the rules, it is much better to
use the Rewriteengine statement to switch them off as opposed to commenting
them out or deleting them from your file.

The RewriteCond lines tells the server to look for requests
with HTTP_REFERER strings that are not empty and that match valid uses of
your domain as you define them in the file.

The ! at the start of the condition pattern means not, and so negates the
result of the pattern that follows it. ^ and $ are special characters used
to match the start and the end of the string in question. So the pattern
^http:// would look for strings starting in http:// and gif$ would match
strings ending in gif. The sequence .* will match any character for 0 or
more times, and so adding it to the start or end of a particular string
will allow fuzzy pattern matching of sorts.

The [NC] flag at the end of the RewriteCond lines tells the server to
ignore the case (no case) while looking for matches.

The RewriteRule line tells the server how to deal with the requests that
match the condition. In this case it is looking for requests to image files
that end in .gif or .jpg (either in all capital letters or all lower case,
the options to match are shown in brackets separated by the | character).
Note that the . has to be un-escaped by adding a \ in front of it as it is
the special character that denotes other characters.

When it finds a request that has passed all the conditions and matches the
rule, it will rewrite the request with -, although this could just as easily
go to a page on your site. Finally the [F] flag tells the server how to
respond to the request, in this particular case, it will tell the browser
that it is forbidden from retrieving that file.

jimmyf · 04-02-2004, 06:04 AM

Here you go replace the XX's with your numbers
you can also add error 405 and such
Oh and don't forget this or it won't work
When editing your .htaccess file it is recommended that you use Notepad or equivalant to keep the file clean. Remember to upload the file in ASCII mode! Also hit the enter key after the last line I do 2 myself.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AddHandler server-parsed .html
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX:80/.*$ [NC]
RewriteRule .*\.jpg$ http://www.yourdomain.com [R,L]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX:80/.*$ [NC]
RewriteRule .*\.gif$ http://www.yourdomain.com [R,L]
ErrorDocument 404 http://www.yourdomain.com/

SplitInfinity · 04-02-2004, 06:04 AM

Easy,

Just put a piece of tape (sticky side in) over your content directory.
This will cause your content to stick in the directory, whle your
hotlinkers slip and slide off the directory..

I hope this helped.

Love,
Me

the_wizz · 04-02-2004, 06:07 AM

Quote:

Originally posted by SplitInfinity
Easy,

Just put a piece of tape (sticky side in) over your content directory.
This will cause your content to stick in the directory, whle your
hotlinkers slip and slide off the directory..

I hope this helped.

Love,
Me

That made me laugh... haha!

alexg · 04-02-2004, 06:14 AM

Quote:

Originally posted by jimmyf
Here you go replace the XX's with your numbers
you can also add error 405 and such
Oh and don't forget this or it won't work
When editing your .htaccess file it is recommended that you use Notepad or equivalant to keep the file clean. Remember to upload the file in ASCII mode! Also hit the enter key after the last line I do 2 myself.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AddHandler server-parsed .html
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX:80/.*$ [NC]
RewriteRule .*\.jpg$ http://www.yourdomain.com [R,L]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com:80/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX:80/.*$ [NC]
RewriteRule .*\.gif$ http://www.yourdomain.com [R,L]
ErrorDocument 404 http://www.yourdomain.com/

thanks bro.
much appreciated

mryellow · 04-02-2004, 06:14 AM

http://www.webpimps.com/scripts/htaccess/

-Ben

alexg · 04-02-2004, 06:19 AM

Quote:

Originally posted by alexg

thanks bro.
much appreciated

one question though,
do i need to place a .htaccess file in every directory? or is it enough to place it in the main directory and it will work for all other directories within the domain?

jimmyf · 04-02-2004, 07:10 AM

Quote:

Originally posted by alexg

one question though,
do i need to place a .htaccess file in every directory? or is it enough to place it in the main directory and it will work for all other directories within the domain?

you can place in the root and it will protect all

I usually put it every Dir. because i hot link my banners for one domain. and in my root have a htaccess 2 protect from rippers such as teleport

alexg · 04-02-2004, 07:30 AM

Quote:

Originally posted by jimmyf

you can place in the root and it will protect all

I usually put it every Dir. because i hot link my banners for one domain. and in my root have a htaccess 2 protect from rippers such as teleport

what's teleport?

mryellow · 04-02-2004, 07:31 AM

Code:

RewriteEngine on 
RewriteRule ^.*$ -

You can put that in your banners directory to turn off the rewrite conditions.

http://www.webpimps.com/scripts/htaccess/

Check out this site.... There is a lot of wrong htaccess info out there.

-Ben

swedguy · 04-02-2004, 07:32 AM

Quote:

Originally posted by alexg

what's teleport?

http://www.google.com/search?sourcei...F-8&q=teleport

alexg · 04-02-2004, 07:33 AM

Quote:

Originally posted by mryellow

Code:

RewriteEngine on RewriteRule ^.*$ -

You can put that in your banners directory to turn off the rewrite conditions.

http://www.webpimps.com/scripts/htaccess/

Check out this site.... There is a lot of wrong htaccess info out there.

-Ben

thanks

mryellow · 04-02-2004, 07:39 AM

btw everyone should have these lines in all their htaccess files.

Code:

RedirectMatch (.*)cmd.exe$ http://stoptheviruscold.invalid$1
RedirectMatch (.*)root.exe$ http://stoptheviruscold.invalid$1
RedirectMatch (.*).dll$ http://stoptheviruscold.invalid$1

It stops your server from showing 404 pages to IIS worms.

No need to have a worm download however many K of HTML.

-Ben

04-02-2004, 04:15 AM	#1
alexg IL4L.com Join Date: Aug 2003 Location: Israel - ICQ: 162136565 Posts: 11,287	Hotlinking protection? Can someone give me the code to put in the .htaccess file to prevent direct linking to pics on my domain, from outside of my domain? thanks __________________ Find fuck buddies in your area!

04-02-2004, 04:19 AM	#3
Gheenz Here's Your Sign Join Date: Oct 2003 Location: MT, USA Posts: 2,410	http://www.htmlbasix.com/ __________________ Those who can make you believe absurdities can make you commit atrocities. -Voltaire

04-02-2004, 05:55 AM	#4
alexg IL4L.com Join Date: Aug 2003 Location: Israel - ICQ: 162136565 Posts: 11,287	can someone just give me the code to put? I'm sure a lot of you use that code already, so please just copy it for me..it should be a simple code __________________ Find fuck buddies in your area!

04-02-2004, 05:58 AM	#6
jimmyf OU812 Join Date: Feb 2001 Location: California Posts: 12,651	Apache Rewrite Module The mod_rewrite Apache module is one of the best tools you can have on your server to help prevent unauthorized sites "hotlinking" your images or other files. Providing that your server has been set up for it, you can use this module for a number of things. To prevent unauthorised use of files and images To hide the real location of files on the server To translate script input from one format to another To redirect the user based on... time of day file they accessed network they are connecting from or anything else that can identify them as part of a "group" of users Preventing Hotlinking The most common use of the RewriteEngine is to limit access to specific file types on the server. To do this, you will need to add some rules and conditions to your .htaccess file so that the server knows what to look for and what to do when it finds requests that don't meet the criteria. When editing your .htaccess file it is recommended that you use Notepad or equivalant to keep the file clean. Remember to upload the file in ASCII mode! Here is a generic version of the code you will want to use. Of course you will need to make changes before it will work the way you want it to; replace all instances of you.com with your own domain name and add or remove file types as you see fit. Rewriteengine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://your_domain.com/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.your_domain.com/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.trusted.com/.$ [NC] RewriteRule .\.(gif\|GIF\|jpg\|JPG)$ - [F] How does it Work? It's all very well having the code, but you may be interested to know how it works so that you can have a go at editing it to behave more like you want it to. If you ever want to disable the rules, it is much better to use the Rewriteengine statement to switch them off as opposed to commenting them out or deleting them from your file. The RewriteCond lines tells the server to look for requests with HTTP_REFERER strings that are not empty and that match valid uses of your domain as you define them in the file. The ! at the start of the condition pattern means not, and so negates the result of the pattern that follows it. ^ and $ are special characters used to match the start and the end of the string in question. So the pattern ^http:// would look for strings starting in http:// and gif$ would match strings ending in gif. The sequence .* will match any character for 0 or more times, and so adding it to the start or end of a particular string will allow fuzzy pattern matching of sorts. The [NC] flag at the end of the RewriteCond lines tells the server to ignore the case (no case) while looking for matches. The RewriteRule line tells the server how to deal with the requests that match the condition. In this case it is looking for requests to image files that end in .gif or .jpg (either in all capital letters or all lower case, the options to match are shown in brackets separated by the \| character). Note that the . has to be un-escaped by adding a \ in front of it as it is the special character that denotes other characters. When it finds a request that has passed all the conditions and matches the rule, it will rewrite the request with -, although this could just as easily go to a page on your site. Finally the [F] flag tells the server how to respond to the request, in this particular case, it will tell the browser that it is forbidden from retrieving that file. __________________ Epic CashEpic Cash works for me Solar Cash Paysite Plugin Gallery of the day freesites,POTD,Gallery generator with free hosting

04-02-2004, 06:04 AM	#7
jimmyf OU812 Join Date: Feb 2001 Location: California Posts: 12,651	Here you go replace the XX's with your numbers you can also add error 405 and such Oh and don't forget this or it won't work When editing your .htaccess file it is recommended that you use Notepad or equivalant to keep the file clean. Remember to upload the file in ASCII mode! Also hit the enter key after the last line I do 2 myself. AuthUserFile /dev/null AuthGroupFile /dev/null AddHandler server-parsed .html RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com:80/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomain.com:80/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX:80/.$ [NC] RewriteRule .\.jpg$ http://www.yourdomain.com [R,L] RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com:80/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://yourdomain.com:80/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX/.$ [NC] RewriteCond %{HTTP_REFERER} !^http://XXX.XX.XXX.XXX:80/.$ [NC] RewriteRule .\.gif$ http://www.yourdomain.com [R,L] ErrorDocument 404 http://www.yourdomain.com/ __________________ Epic CashEpic Cash works for me Solar Cash Paysite Plugin Gallery of the day freesites,POTD,Gallery generator with free hosting Last edited by jimmyf; 04-02-2004 at 06:08 AM..

04-02-2004, 04:18 AM	#2
swedguy Confirmed User Industry Role: Join Date: Jan 2002 Posts: 7,981	http://www.google.com/search?sourcei...ink+protection http://www.google.com/search?num=30&...tlink+htaccess

04-02-2004, 05:57 AM	#5
swedguy Confirmed User Industry Role: Join Date: Jan 2002 Posts: 7,981	You Sir, are LAZY!

04-02-2004, 06:04 AM	#8
SplitInfinity Confirmed User Join Date: Dec 2002 Location: San Diego, CA Posts: 3,047	Easy, Just put a piece of tape (sticky side in) over your content directory. This will cause your content to stick in the directory, whle your hotlinkers slip and slide off the directory.. I hope this helped. Love, Me

04-02-2004, 06:14 AM	#11
mryellow Confirmed User Industry Role: Join Date: May 2001 Location: Australia Posts: 934	http://www.webpimps.com/scripts/htaccess/ -Ben __________________ Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post.

04-02-2004, 07:31 AM	#15
mryellow Confirmed User Industry Role: Join Date: May 2001 Location: Australia Posts: 934	Code: RewriteEngine on RewriteRule ^.*$ - You can put that in your banners directory to turn off the rewrite conditions. http://www.webpimps.com/scripts/htaccess/ Check out this site.... There is a lot of wrong htaccess info out there. -Ben __________________ Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post.

04-02-2004, 07:39 AM	#18
mryellow Confirmed User Industry Role: Join Date: May 2001 Location: Australia Posts: 934	btw everyone should have these lines in all their htaccess files. Code: RedirectMatch (.)cmd.exe$ http://stoptheviruscold.invalid$1 RedirectMatch (.)root.exe$ http://stoptheviruscold.invalid$1 RedirectMatch (.*).dll$ http://stoptheviruscold.invalid$1 It stops your server from showing 404 pages to IIS worms. No need to have a worm download however many K of HTML. -Ben __________________ Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post.