  1. #1
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Preventing hotlinking to a webcam

    I have a webcam which I have found people hotlinking to. Worse, they have submitted it to Google Maps as their own webcam, creating a second problem for me to fix. For now, I am moving the image; it's in the public files of my webserver. I would like to protect this image further, but I am not sure how.

    Is it possible to limit what pages an image can be served on? I found this example in a closed thread that seems to be geared at something similar, but this one is geared at all the images in the site. For me, I have 1 specific image I want to lock down. For sake of example, let's say you can see it online by visiting "mysite .com/ftp/1.jpg". Could I rewrite the following rule in a similar fashion?
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !(www\.)?mysite\.com(/)?
    RewriteRule ^ftp/1\.jpg$ - [F,NC]
    My other idea is to move this file outside of the webroot, into a private directory and serve it on a page through a viewer of some type or javascript like I do now.
    edit: Found some related info here in another post

    What are some solutions to lock down a webcam access?

  2. #2
    SitePoint Wizard mcsolas's Avatar
    edit: I posted this because I thought I had it working, the images stopped showing up on the offending domain. However I didn't check and somehow, it also broke the function of the images on the sites I want it on. Ideally, I currently have a few whitelisted sites to display it on and 1 blacklisted one.

    So, I am still working on a solution....

    Code:
    #stops people from viewing htaccess rules
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http://.* badguys domain\.com [NC,OR]
    RewriteRule .* - [F]

  3. #3
    SitePoint Wizard mcsolas's Avatar
    I think my syntax was wrong in the last one. The OR command, I cannot find it in the docs, so I figured it was best to remove it. I also added the Last line command to the last line : ) Also added the followsymlinks part. At last I have it working, I tested 2 of the sites and they still work, while the offender is banned!
    Code:
    Options +FollowSymlinks
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http://.*offending_domain\.com [NC]
    RewriteRule .* - [F,L]

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    mc,

    GOOD WORK! Indeed, the OR is to counter the automatic AND between RewriteCond statements and the Last flag is normally needed to end a mod_rewrite block (but I don't believe that it's required with a Fail flag). As for the +FollowSymlinks, that should be in the server config file so it's not really needed here.

    Your first inclination, though, was also good: RewriteCond %{HTTP_REFERER} !(www\.)?mysite\.com/ [NC,OR] as the first RewriteCond, i.e.,
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !(www\.)?mysite\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} offending_domain\.com [NC]
    RewriteRule .? - [F,L]
    Here, you ensure that mod_rewrite is ready, that the referrer is not your own domain OR that it IS the offending_domain then Fail everything.

    [Edit: There is a lot of good information on this specific subject at Apache.org - http://httpd.apache.org/docs/2.2/rewrite/access.html ]

    Regards,

    DK
    Last edited by dklynn; Nov 17, 2011 at 01:15. Reason: More info
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    SitePoint Wizard mcsolas's Avatar
    Quote, originally posted by dklynn:
    Indeed, the OR is to counter the automatic AND between RewriteCond statements and the Last flag is normally needed to end a mod_rewrite block (but I don't believe that it's required with a Fail flag). As for the +FollowSymlinks, that should be in the server config file so it's not really needed here.
    Thank you for explaining this!!! I found a few pages and read up on the syntax but couldn't figure that part out.

    I am starting to understand the syntax better now. Yes, what you mentioned is more of a permanent fix. Instead of blacklisting one by one, it whitelists allowed sites. I have 4 to whitelist, maybe more soon. So I think I need to rewrite the rule:
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !(www\.)?mysite\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} !(www\.)?whitelisted_site_1\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} !(www\.)?whitelisted_site_n\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} offending_domain\.com [NC]
    RewriteRule .? - [F,L]
    I'm not 100% sure if I need the OR in between each whitelisted site. Anyways, I am off to try this rule later and see how it works. Before implementation, I am wondering how I can further my search for anyone else hotlinking to the image. Ideally, I am going to email them and anyone who has is a potential inbound link. I am going to approach all of them and say that the feed can be allowed to display in a variety of ways IF they set up the proper links.

    In my specific case here, I had to make sure to break the feed for a short time to prove that they were not hosting the feed. This was successful as the webcam site already emailed me back and updated their info. Now onto a permafix...

    thank you again for the insight!!

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    MC,

    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !(www\.)?mysite\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} !(www\.)?whitelisted_site_1\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} !(www\.)?whitelisted_site_n\.com/ [NC,OR]
    RewriteCond %{HTTP_REFERER} offending_domain\.com [NC]
    RewriteRule .? - [F,L]
    may be simplified by combining RewriteCond statements like
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !(www\.)?(mysite\.com/|whitelisted_site_1\.com/|whitelisted_site_n\.com/) [NC,OR]
    RewriteCond %{HTTP_REFERER} offending_domain\.com [NC]
    RewriteRule .? - [F]
    Here, I've used the pipes within an atom to do my OR'ing for me as only one grouping needs to be matched (I left the .com in the atom as you may have a .org or .net that you want to whitelist, too, but the \.com should be moved outside the grouping parentheticals for simplicity's sake).

    Actually, the second RewriteCond will be matched by the first so it's superfluous (not needed so it and the OR flag above can be deleted).

    Yes, because you wanted to whitelist every member of that group, OR was correct between those conditions.

    I'm happy to see that you did not OR the RewriteCond statements with the RewriteRule (which would have been a logical error).

    If your list of whitelisted or banned sites expands, you may want to look into RewriteMaps (from the link above) but that does require access to the server or virtual host configuration file (because a syntactical error can bring the server down).

    Regards,

    DK
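
An added example, not part of the thread: a simplified Python model of how mod_rewrite chains RewriteCond lines (AND by default, [OR] joins a condition to the next one), run over the rule sets from posts #5 and #6. The ANCHORED rule set and all Referer values are assumptions constructed for this sketch.

```python
import re

# Each condition: (regex, negated, or_next), mirroring
# "RewriteCond %{HTTP_REFERER} [!]regex [NC(,OR)]".
CHAIN = [  # post #5: one negated condition per allowed site, OR'd together
    (r"(www\.)?mysite\.com/", True, True),
    (r"(www\.)?whitelisted_site_1\.com/", True, True),
    (r"(www\.)?whitelisted_site_n\.com/", True, True),
    (r"offending_domain\.com", False, False),
]
COMBINED = [  # post #6: allowed sites merged into one alternation
    (r"(www\.)?(mysite\.com/|whitelisted_site_1\.com/|whitelisted_site_n\.com/)", True, True),
    (r"offending_domain\.com", False, False),
]
ANCHORED = [  # assumption: not from the thread; anchored, empty Referer allowed
    (r"^$", True, False),
    (r"^https?://(www\.)?(mysite|whitelisted_site_1|whitelisted_site_n)\.com/", True, False),
]

# Constructed Referer values, not taken from real traffic.
SAMPLES = [
    "http://www.mysite.com/cam.html",       # own page
    "http://whitelisted_site_1.com/page",   # allowed partner
    "http://offending_domain.com/map",      # hotlinker
    "",                                     # no Referer sent
    "http://other.example/?u=mysite.com/",  # other site, allowed name in query
]

def blocked(conds, referer):
    """True if the condition chain passes, i.e. RewriteRule .? - [F] fires."""
    i = 0
    while i < len(conds):
        regex, negated, or_next = conds[i]
        hit = (re.search(regex, referer, re.IGNORECASE) is not None) != negated
        if hit:
            # A hit satisfies the whole OR group: skip its remaining members.
            while i < len(conds) and conds[i][2]:
                i += 1
            i += 1
        elif or_next:
            i += 1        # miss, but the next OR'd condition may still hit
        else:
            return False  # miss that ends an AND term: rule does not fire
    return True

def verdicts(conds):
    """Blocked/allowed verdict for every sample Referer, in SAMPLES order."""
    return [blocked(conds, r) for r in SAMPLES]
```

Calling `verdicts()` on each rule set shows which of the five sample requests would receive the 403, so a whitelist can be checked against its own pages and an empty Referer before it goes into .htaccess.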

  7. #7
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for clarifying things. I will update my code to that and learn more about RewriteMaps.

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    mcsolas,

    A RewriteMap can only be used by setting it up in the httpd.conf (or Linux's Apache2.conf) or the httpd-vhost.conf file BECAUSE any syntax error can bring an entire server down (not good for shared servers - too easy to inadvertently create a DOS attack on yourself!). However, I'm sure a host would upload a tested block of code for you to alleviate server load.

    Regards,

    DK

