SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    635
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Htaccess Control Of Specific Files

    Sitepoint Members,
    Is there any way to get this code to work for a specific jpg file, instead of all jpg files?

    RewriteEngine On
    RewriteCond %HTTP_REFERER} !^http://www\.wxyz\.com/ [NC]
    RewriteRule \.jpg$ - [F]

    I tried changing the last line to
    RewriteRule ^somespecificfile\.jpg$ - [F]

    (with and without the carrot)

    and it didn't work.

    The code above allows jpg images in a webpage to show and doesn't allow jpg images to be brought up alone (somespecificfile.jpg) in a browser. I'd like this to work for one specific jpg instead of all jpgs.

    Thanks

    Chris77

  2. #2
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    635
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I guess this is a hotlinking question. I put together some lines I found at Sitepoint and my webhost.

    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://mydomain.com/. [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/. [NC]
    RewriteCond %{HTTP_REFERER} !^(.+\.)?mydomain.com/.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} !^(.+\.)?google\. [NC,OR]
    RewriteCond %{HTTP_REFERER} !^(.+\.)?yahoo\. [NC,OR]
    RewriteCond %{HTTP_REFERER} !^(.+\.)?bing\. [NC]
    RewriteRule \.(gif|jpe?g|bmp|png|js|css)$ http://www.mydomain.com/my404page.html [R,L]

    1) My webhost wrote the two blue lines. Isn't there supposed to be a \ right after "mydomain" and after www?

    2) I found the blue lines (maybe just one of them) written another way. I listed it in green. Which way is better, blue or green?

    Will this code properly allow those search engines to my images and send others to my 404 page?

    Thanks
    Last edited by SpacePhoenix; Jun 25, 2013 at 19:48. Reason: code tags around code

  3. #3
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,656
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    77,

    Yes, by using code specific to your file.

    Please use the [code] ... [/code] wrapper on code so it's easier to see (and reply to).

    The obvious error is that the opening { is missing on the {HTTP_REFERER} variable. Second (possible) error would be a start anchor on the image filename IF the image is in a subdirectory.

    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://www\.wxyz\.com/ [NC]
    RewriteRule somespecificfile\.jpg$ - [F]
    Minor changes but that resolves the problem of the Apache variable (opening {) and the potential subdirectory for somespecificfile.jpg.

    Your note, "The code above allows jpg images in a webpage to show and doesn't allow jpg images to be brought up alone." is quite correct as it is your server which is the referrer for embedded images. Of course, once the image is in the browser, it can be captured or simply "Show Image" to view just that image. You really have no control over what a visitor's browser can do with your files (except display and make them available to the visitor).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  4. #4
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    635
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    DK,
    I'm not sure why that left bracket disappeared, it's in my notes and my post is a copy and paste from my notes.

    During the time between my first and second post my webhost and I worked on the code of my first post and they couldn't get it to work, including trying the caret.

    You write. "Of course, once the image is in the browser, it can be captured or simply "Show Image" to view just that image." What browser has "show image" and does it work when the image is buried in CSS which is buried in a php file?

    Thanks for the help

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,656
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    77,

    I put background-images in CSS, too, but FF allows me to view background image on a right click - same with any other image. If its shown, it's on the visitor's computer and they choose what to do with it.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  6. #6
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    635
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I didn't even know that feature is there in the right click drop down. That's a pain.
    Thanks for the help. I'll have to think on this.

    Chris

  7. #7
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,656
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Chris,

    While you're thinking, consider placing a transparent gif file over the images you want to protect. Visitors won't be able to access the protected image via right click but, since it's on their computer, they can merely look at their own cache files to "capture" the protected image.

    If you want to use JS or CSS to change the image on a mouseover, JS can be turned off and CSS must be read by browsers so they're of little benefit (in protecting an image).

    Using "slices" won't help either (not even if you change the scale and use JS/CSS code to resize and reassemble) because a visitor can read the code you're using and do the same thing.

    In other words, if you don't want others to use your image, use a good watermark (difficult to remove but no guarantee) or don't put it online.

    WARNING: Pontification follows

    IMHO, the Internet should be free for original content. Humans ruin that concept by breach of copyright notices (piracy) and there is little (actually, nothing) you can do about it. Therefore, annoy the pirates by making it impossible to steal your bandwidth with your images (embedding your image in their website with a link) via mod_rewrite and, if you have copious spare time, try some of the above referenced "tricks" (especially the watermarks) with the knowledge that nothing will stop a determined pirate from saving your image and using it elsewhere.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  8. #8
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    635
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You went a little overboard with "there is little (actually, nothing) you can do about it."
    Copyright infringement notices are very effective for that - if you have the right email address. I even sent one once to google for a google blogspot page. The only time it didn't work for me was when I sent one to pinit and they wanted me to take them to court, so all I did was change the address of the page and image and send them a letter saying their site was creating a lot of dead end traffic - my 404 page.

    But if you can stop an image from being taken in the first place, mainly your header image if you have one, it cuts down on having to write copyright notices. You know, if you catch someone hotlinking to an image of yours, for fun, you can change the address for your image for your address but for the original image address and file you could use a different image the hotlinker would never want, like por_, and then write them a "did you know ...." letter.

  9. #9
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,656
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Chris,

    Ha, ha, ha!

    Moving the image along with using mod_rewrite to redirect the image request to a s*e*x website should do the trick!

    Thanks! I needed that laugh!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  10. #10
    SitePoint Guru
    Join Date
    Jan 2010
    Posts
    635
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I think maybe not writing a did-you-know letter and letting their website lose traffic - precipitously. Imagine thier surprise when they find something they wouldn't want to see anywhere, let alone on their website. I think one of those one-file multiple or moving images would cause a hotlinker a paradigm shift.

  11. #11
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,656
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Chris,



    You've got it! I think we'd both like to see their face when they discover what you've done!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •