.htaccess file help needed

I am trying to block specific websites from hotlinking to my server
I installed this code

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\\.)?myspace\\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\\.)?blogspot\\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\\.)?livejournal\\.com/ [NC]
RewriteRule .*\\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]

The code works fine , however I do custom graphics and css for a fantasy football hosting community, and they have 1000’s of sites on several servers, each site has a unique url , however I’m unable to figure out how to block certain sites where some users are duplicating and hotlinking my images and css

An example of the url are as follows
http://www30.myfantasyleague.com/2012/home/18128
http://www30.myfantasyleague.com/2012/home/43896
http://www26.myfantasyleague.com/2011/home/65804

You notice many sites using the same server aka www.30 , while each site has a unique league id aka 18128 or 43896
Without blocking all images on any single server , can i use .htaccess to block to full url posted above

Thanks

OSU,

Your RewriteCond statements are properly formatted (in general) but, using regex, all I’d want to specify is the domain, i.e.,

RewriteCond %{HTTP_REFERER} \\.myspace\\.com [NC,OR]
...

That means that you can catch all the myfantasyleague.com links the same way.

Regards,

DK

so this should work if i wanted to block these 2 URLs
http://www.myspace.com/
http://www27.myfantasyleague.com/2012/home/74017

RewriteEngine On
RewriteCond %{HTTP_REFERER} \\.myspace\\.com [NC,OR]
RewriteCond %{HTTP_REFERER} \\www27.myfantasyleague.com/2012/home/74017 [NC]
RewriteRule .*\\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]

OSU,

Yes, but WHY limit yourself to the 2012/home/74107 script/directory? I’d leave that off as well as the trailing slash after the domain AND the subdomain!

RewriteEngine on
RewriteCond %{HTTP_REFERER} myspace\\.com [NC,OR]
RewriteCond %{HTTP_REFERER} myfantasyleague\\.com [NC]
RewriteRule \\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [R=301,L]

As you can see, I had second thoughts about requiring a subdomain at all (including www) so I deleted the \. before the domains in question. Better to whack them all!

If qX4w7.gif is in your DocumentRoot, I’d eliminate your absolute redirection (http://{domain}) and make that rule:

RewriteRule \\.(jpe?g|gif|bmp|png)$ qX4w7.gif [R=301,L]

Please note that, with regex, you can match anything in the string without specifying the start or end anchors, i.e., in this last RewriteRule, \.({list of image file extensions})$ must contain a dot character, one of your extensions and then end ($ is the end anchor). You simply do not care about anything before the dot character so don’t even bother to address it with your .* which is meaningless.

Regards,

DK

The purpose i need this to serve is in fact to prohibit hotlinking from certain subdirectories on that domain , while I do allow hotlinking from the same domain with other sub directories , so i need something that will work in this case

for example here are 3 URLs all within the same domain , i want the ones ending in 18128 and 43896 to not be able to hotlink, while the other to be permitted
http://www30.myfantasyleague.com/2012/home/18128
http://www30.myfantasyleague.com/2012/home/43896
http://www26.myfantasyleague.com/2012/home/65804

help me try another approach
How can i ban all hotlinking on every site , but allow it a a few select ones?

OSU,

for example here are 3 URLs all within the same domain , i want the ones ending in 18128 and 43896 to not be able to hotlink, while the other to be permitted

RewriteEngine on
RewriteCond %{HTTP_REFERER} myspace\\.com [NC,OR]
RewriteCond %{HTTP_REFERER} myfantasyleague\\.com/2012/home/(18128|43896) [NC]
RewriteRule \\.(jpe?g|gif|bmp|png)$ qX4w7.gif [R=301,L]

Regards,

DK

Thanks DK but this isn’t blocking all the pages within that league id , only the home page , it seems every page has a unique url for instance…these are all urls to the same league and using the above code will only block the “home” page while allowing images on the other pages. I can’t block the entire server like www30.myfantasyleague.com , or other sites i that have my authorization to use the css and images will be blocked too. So maybe what i wanted to accomplish isn’t even possible…damn it ! Perhaps if you were to give me a image from your server I can load onto the site, someone may be able to try to do this, but i’m not educated enough on this to figure it out myself.

[noparse]http://www30.myfantasyleague.com/2012/home/18128[/noparse]
[noparse]http://football30.myfantasyleague.com/2012/options?L=18128&O=07[/noparse]
[noparse]http://football30.myfantasyleague.com/2012/standings?L=18128[/noparse]

OSU,

The problem is with your “Specificity,” the specification of what you’re trying to block (and what you’re trying to allow). So long as you don’t use the end anchor on your {HTTP_REFERER} regex, you should be able to block all the linkages you want to block.

Look at it from a different angle: You’ve given specific permission to some users so list them and block everyone else! That’s probably a simpler thing to do.

Regards,

DK

Agreed , will be easier to block everyone and only allow users that have paid for content

So how is the set up for that ? If i want to block all URL and only permit URL from example
www30.myfantasyleague.com/2012/home/18128
football30.myfantasyleague.com/2012/options?L=18128&O=07
football30.myfantasyleague.com/2012/standings?L=18128

the code must include the 18128 as it’s the only unique identifier , do the ? and = get in the way of the code

Okay i am getting closer , using this to only allow 1 league to use the images

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?nitrografixx.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www30.myfantasyleague.com/2012/home/75034 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/home/75034 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/options [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/standings [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/login [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/menu_page [NC]
RewriteRule \.(jpg|jpeg|png|gif|css|js)$ - [NC,F,L]

However , i need the full URL like below to install, but when i do it doesn’t work, i assume it’s the ?L= & that is in the URL causing the problems
football30.myfantasyleague.com/2012/options?L=75034&O=07

OSU,

The ? is the demarcation between the URI and the query string but it should be picked up by the {HTTP_REFERER}. Should is the operative word here, though. If you’re allowing 2012 across the board, why not just terminate the {HTTP_REFERER} after 2012/ and allow all 2012’s pages?

Regards,

DK

It would be simple if I was allowing 2012 across the board , but there are 1000’s of 2012 leagues and I only allow perhaps 50 of them , so i have to carry out the full URL
The way that company has set up their site using java to pull the league id is crazy , i don’t know if its’ even possible to block/allow a single site

I think I’ve tried just about everything and nothing is working. I don’t know if its possible given the nature of how myfantasyleague.com set up their leagues on each server. What would be great is to have some script I could embed in the header of each individual site that authorizes the image/css use by checking my servers directory of that given league by a unique code/php script or something , aside of that I don’t think I can achieve what I need.

OSU,

I’ve tested locally and the $_SERVER[‘HTTP_REFERER’] value was reported as http://test/test1.html?key=value&key2=value2 so your testing of {HTTP_REFERER} was correct - it does include the protocol, domain, URI and query string. Therefore, specify away with all (test for not AND not AND …). If you’re going to post a “pirated from” image, excude it in a final RewriteCond as another NOT against the {REQUEST_URI}.

Regards,

DK

dk , that may as well been in russian lol , i have no idea what your explaining there. Again sorry for my lack of knowledge to understand this.

I did make the change to the ? to \? and it is working , which is great !

This is what i have to allow 1 league on server 30 , league ID 63454 , you see all the different pages i have to direct to in order for 1 single league to show because of how their server sets up the leagues on it. Is there a shorthand way approach to this.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?nitrografixx.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www30.myfantasyleague.com/2012/home/63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/home/63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/options\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/standings\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/menu_page\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/mb/board_show.pl\?bid=201263454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/mb/topic_add.pl\?bid=201263454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/select_franchise\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/options\?LEAGUE_ID=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/accounting_report\?LEAGUE_ID=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/player_search\?LEAGUE_ID=63454 [NC]
RewriteRule \.(jpg|jpeg|png|gif|css|js)$ - [NC,F,L]

OSU,

Sorry, too many years NOT speaking any Russian (and only one year at university level) so nothing’s left but a few memories of phrases.

Anyway, I was saying before that I suspected that your attempting to match query strings (within the {HTTP_REFERER} might not work). My test was to determine that you would receive the full query string from the {HTTP_REFERER} and validate your approach. :tup:

Because your {HTTP_REFERER} is being matched by regex, of course you must escape the ? character (otherwise, it’s the metacharacter for making the previous character optional). Kudos to you for doing this correctly!

Now, the “pirate image” I had referred to is another typical way to respond to bandwidth pirates: Instead of sending the linked image, send an image which states that the webmaster is a bandwidth pirate, i.e., don’t trust anything on that website! If you choose to return a “pirate image,” then you must exclude that image in an additional RewriteCond statement (testing the {REQUEST_URI} as NOT being the image). You’re not doing that so don’t mind my trying to help others.

Regards,

DK

Thanks for all your help ! I have one league completed but wanted to know if you see something in here where it can be shortened to include more url combinations on 1 line
Since the URL basically all begin with “football30.myfantasyleague.com/2012” and end it “?L=63454” , is there away to shorthand the combo directorie title in between

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?nitrografixx.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www9.myfantasyleague.com/2012/home/63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/home/63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/options\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/standings\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/menu_page\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/select_franchise\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/options\?LEAGUE_ID=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/accounting_report\?LEAGUE_ID=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/player_search\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/commissioner_setup\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www30.myfantasyleague.com/2012/live_scoring_summary\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www30.myfantasyleague.com/2012/chat\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/free_agents\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/injury\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/pro_schedule\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/pro_matchup\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/fantasy_box_score\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/nfl_team_stats\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/depth_chart\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/depth_chart\?TYPE=grid&L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/news_articles\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/news_articles\?MYNEWS=1&L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/edit_my_links\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/my_tickets\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/accounting_report\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/login\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/site_news\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/league_setup1\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/processed_waivers\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/edit_article\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/player\?L=63454 [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/edit_poll\?L=63454 [NC]
RewriteRule \.(jpg|jpeg|png|gif|css|js)$ - [NC,F,L]

OSU,

Of course there is (Hint: Learn something about regular expressions)!

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?nitrografixx.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\\.)?www9.myfantasyleague.com/2012/.+63454$ [NC]
RewriteRule \\.(jpg|jpeg|png|gif|css|js)$ - [NC,F,L]

Regards,

DK

Nice DK !

so using the .+ before the league ID catches the subs inbetween , i also added the .+ after the league id , for the URL that have a address after the league id

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?nitrografixx.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www30.myfantasyleague.com/2012/.+63454$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/.+63454$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www30.myfantasyleague.com/2012/.+63454.+$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?football30.myfantasyleague.com/2012/.+63454.+$ [NC]
RewriteRule \.(jpg|jpeg|png|gif|css|js)$ - [NC,F,L]