CGI Anti-Hotlink Security script?

[zeeshan]

Hello -

Here's the situation:
We have a paid dedicated server, with paid bandwidth for our website.
The site contains media files (songs, videos) that our visitors can see (Realmedia files).

Here's the problem:
"Hotlinkers"! Other sites are linking to our media files, and although we wouldn't normally mind, they are using up precious paid bandwidth on our server!

I have seen simple CGI scripts around that essentially are called like:
http://www.mydomain.com/cgi-bin/security.cgi?filename

The security.cgi file does two simple things:
1) Expands the 'filename' variable to the complete URL associated with it.
2) ONLY allows access to itself from www.mydomain.com.
So for example, if http://www.hotlinker.com put the link http://www.mydomain.com/cgi-bin/security.cgi?filename on their website, the script would notice the request coming from some place other than mydomain.com and block the access.

Does anyone know where I could get such a script? Its really important as we are losing bandwidth (huge amounts!) and need to find an effective solution.

Thanks.

[maximumedge]

if you're using perl, than you could try something like this:

Code:

#!/usr/bin/perl
if ($ENV{'HTTP_REFERER'} =~ 'mydomain.com') {
print "Location: http://www.mydomain.com/file.rm\r\n\r\n";
}
else {
print "Content-type:text/html\n\n";
print "Error: You do not have permission to access this file.";
}

hope this helps,

Jason Weinstein
webmaster@MaximumEdge.com
http://www.MaximumEdge.com/

[zeeshan]

Thanks...

I was actually looking for a script available on the Net somewhere already. Although it'd be good practice, I don't have the time right now to sit down and write a script for this - albeit it being simple.

Any ideas anyone?

Thanks.

[hmahonen]

As you didn't specify the platform/web server your site runs on, I assume that you could be using Apache as well.

On Apache platform there's easier solution, you can block other sites accessing directly certain parts of your site.

First, you need to place all the movie/music clips in a different directory, such as http://domain.com/clips/ - after you've done that, create a .htaccess file and upload it to the directory where the clips are.

The .htaccess file should contain something similar:

Code:

AuthUserFile /dev/null
AuthGroupFile /dev/null 

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yoursite.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/ [NC]
RewriteRule /* http://www.yoursite.com/unauthorized.html [R,L]

After uploading this to the clips directory, the webserver will check HTTP_REFERER environmental variable for every request to the files in the clips directory and if it doesn't begin with http://yoursite.com or http://www.yoursite.com, the user will be redirected to the URL specified in RewriteRule (in this case, http://www.yoursite.com/unauthorized.html).

For more information I suggest to do a search at Google for search phrases "mod rewrite" and "htaccess rewrite" for more information.

And a bit of more resources as well:

http://httpd.apache.org/docs/mod/mod_rewrite.html
http://e-commerce-inc.com/htaccess.html
http://home.verio.com/support/hosting/htaccess.cfm

I hope this helps.

But, if your server is run on Windows based platforms or you don't use Apache as the web server, then all I can suggest is to look for a script at:
http://www.hotscripts.com/search/?qu...y=all&bool=AND

[zeeshan]

Yes, I'm running Apache.

Thanks for the help and the links. That is exactly what I was looking for. Will check all this out later tonight.

Thanks again!