SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Zealot
    Join Date
    Jan 2002
    Posts
    103
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    htaccess and hotlinking

    So, there's this code to put in the .htaccess file to prevent hotlinking:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
    RewriteRule \.(gif|jpg)$ - [F]



    But let's say that I made a deal with a friend and want my friend to be able to hotlink to my images. Just their website, and my website -- and no one else -- linking to my images.

    Is this possible? I'd rather not be redundant with 2 directories of the same images each with their own .htaccess files.

  2. #2
    FreeBSD The Power to Serve silver trophy pippo's Avatar
    Join Date
    Jul 2001
    Location
    Italy
    Posts
    4,514
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you and your friend have a static ip address ?!?
    If so you could use:

    .htaccess
    <FilesMatch "\.(gif|jpe?g|png)$">
    order deny,allow
    deny from all
    allow from your.own.ip.address your.friend.ip.address
    </Files>



    pippo
    Mr Andrea
    Former Hosting Team Advisor
    Former Advisor of '03

  3. #3
    SitePoint Zealot
    Join Date
    Jan 2002
    Posts
    103
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That didn't work. I got an internal server error and my geocities account was able to link to those images. Hm.

  4. #4
    FreeBSD The Power to Serve silver trophy pippo's Avatar
    Join Date
    Jul 2001
    Location
    Italy
    Posts
    4,514
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yesterday I tested those rules using:

    .htaccess
    Code:
    <FilesMatch "\.(gif|jpe?g|png)$">
    order deny,allow
    deny from all
    allow from 127.0.0.1 127.0.0.2
    </Files>
    By the way an "internal server error" could mean that you did some mistakes (maybe a typo) inside the .htaccess file.
    Mr Andrea
    Former Hosting Team Advisor
    Former Advisor of '03

  5. #5
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Moved to a more appropriate forum

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  6. #6
    Serial Publisher silver trophy aspen's Avatar
    Join Date
    Aug 1999
    Location
    East Lansing, MI USA
    Posts
    12,937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    pippo wouldn't that just deny images to all surfers?

    Servers do not just serve images any time an HTML page is requested, they (the images) need to be requested. So Joe Smith browsers over to your site, his copy of IE requests an image, and since his IP address isn't allowed he can't get the image.

    This, however, should work:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?hisdomain.com/.*$ [OR]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
    RewriteRule \.(gif|jpg)$ - [F]
    Chris Beasley - I publish content and ecommerce sites.
    Featured Article: Free Comprehensive SEO Guide
    My Guide to Building a Successful Website
    My Blog|My Webmaster Forums

  7. #7
    SitePoint Zealot
    Join Date
    Jan 2002
    Posts
    103
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks aspen, but that didn't work. However, I tried this:
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?hisdomain.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
    RewriteRule \.(gif|jpg)$ - [F]
    and it did work. Go figure. I wish I knew how to program so that I could understand why.


  8. #8
    FreeBSD The Power to Serve silver trophy pippo's Avatar
    Join Date
    Jul 2001
    Location
    Italy
    Posts
    4,514
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    CRA,
    when using many RewriteCond in cascade they are considered as an AND by default.
    Unless you specify in the rewrite flags OR.

    So basically what you write can be interpreted as:
    IF ( (HTTP_REFERER != '') AND (HTTP_REFERER != 'hisdomain.com') AND (HTTP_REFERER != 'mydomain.com')) THEN
    {
    // DENY IT
    }




    pippo
    Last edited by pippo; Oct 29, 2002 at 06:26.
    Mr Andrea
    Former Hosting Team Advisor
    Former Advisor of '03

  9. #9
    FreeBSD The Power to Serve silver trophy pippo's Avatar
    Join Date
    Jul 2001
    Location
    Italy
    Posts
    4,514
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    By the way it's better to write:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^$ [OR]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?hisdomain.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
    RewriteRule \.(gif|jpg)$ - [F]

    that would be interpreted as:

    IF ( (HTTP_REFERER == '') OR (HTTP_REFERER != 'hisdomain.com') AND (HTTP_REFERER != 'mydomain.com')) THEN
    {
    // DENY IT
    }

    So when HTTP_REFERER is empty
    OR
    if HTTP_REFERER is different from hisdomain.com
    AND HTTP_REFERER is different from mydomain.com
    the images will be denied.

    The last rules I wrote should be better than yours,
    because you didn't prevent hotlinking when HTTP_REFERER is empty.

    Please note that I'm a beginner using RewriteCond in cascade, so suggestions are always welcomed



    pippo
    Last edited by pippo; Oct 29, 2002 at 06:37.
    Mr Andrea
    Former Hosting Team Advisor
    Former Advisor of '03


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •