News:

The anti-spam plugins have stopped being effective. Registration is back to requiring approval. After registering, you must ALSO email me with your username, so that I can manually approve your account.

Main Menu

prevent hotlinking

Started by griever, February 17, 2007, 07:50:47 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

griever

I'd like to set up something, just in case, to prevent people from leeching bandwidth.  I followed various tutorials about setting up an htaccess file to do this, but whatever I try, it just kills my site and doesn't protect the images.  I was wondering if any one else could point me in the right direction... :D
"You can get all A's and still flunk life." (Walker Percy)

Xepher

Generally speaking, you set mod_rewrite to only NOT redirect if the referrer is a page on your site. Otherwise it redirects to some "don't hotlink!" image. What've you got so far.

griever

So far, I've got this, although it is the end product of several separate how to sites.  It's obviously wrong.  x.x

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?grieversanime.org/images/screencaps/ [NC, OR]
RewriteCond %{HTTP_REFERER} !^http://griever.xepher.net/images/screencaps/ [NC]
RewriteRule .(jpg|gif|png)$ images/no_hotlink.gif [R,L]

I also had it in the public_html folder and chmodded to 644.
"You can get all A's and still flunk life." (Walker Percy)

Xepher

Where is it? Because it's not at public_html/.htaccess where it should be. Lemme try a couple things...

Xepher

Okay, two changes...
First line, you can't have a space in the [NC, OR] bit... And you need another condition to exclude the no_hotlink image itself from the redirect, or else you get an infinite loop.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?grieversanime.org/images/screencaps/ [NC]
RewriteCond %{HTTP_REFERER} !^http://griever.xepher.net/images/screencaps/ [NC]
RewriteCond %{REQUEST_URI} !no_hotlink.gif$
RewriteRule .(jpg|gif|png)$ http://griever.xepher.net/images/no_hotlink.gif [R,L]
It's already setup/tested in your public_html folder... I'm just posting this for edumacationalizing reasons. :-)

EDIT: Not fixed yet, there's another problem... Gimme another minute.

EDITEDIT: Got it now, revised code above. Removed the "OR" from the first condition. Which seems counter intuitive, but if you think hard about the logic, it works. We don't want to rewrite if any of those things match. So we really want the default "AND" on all three. That is "not #1 AND not #2 AND not #3" and only if all that works, THEN we do the rewrite.

griever

Ahh...thank you for fixing this!  It was frustrating me to no end and I really wanted to protect the image-heavy folder.  The explanation makes sense now...I think that OR was screwing me up.

(I had to remove the htaccess file I had there because it screwed up the rest of the site - index page showed up fine, but all following pages refused to display.)
"You can get all A's and still flunk life." (Walker Percy)

griever

This is related, but slightly different confusion.  I'm experimenting on using mod_rewrite to make clean URLs, since that seems to be how things are going.  I've read a bunch of tutorials, which make it seem relatively easy, but for the life of me, I can't get a rather basic redirect to work.

(version 1) RewriteRule ^anime.php$ anime2.php
(version 2) RewriteRule ^anime/$ anime2.php
I was able to get to get the first one to work just fine, but the second one gives me a 404 error.  Based on all the examples I've seen, this shouldn't be happening.  Any ideas on what I'm doing wrong?  I'm fairly certain the syntax is right, but given my rather spotty memory of the semi-colon, I'm probably missing something easy and crucial. :(
"You can get all A's and still flunk life." (Walker Percy)

Xepher

First off, do you know what the special characters do? "^" indicates the start of a line, and "$" indicates the end of a line. By using both, you're effectively saying it has to be EXACTLY that request, but I believe a directory request would actually be "/anime/" so it doesn't match. I assume you want it to take the URL http://grieversanime.org/anime/ and have it actually serve the page "anime2.php" yes? Try ditching the carrot (^) at the beginning.

griever

Ohh...I knew it was the start and the end, but I didn't realize it was exact.  But I was right in that I was missing something easy and crucial...looking back on the tutorials, I can't believe I missed that.  Nothing explicit, but it should have been so obvious.  I feel like an idiot.

EDIT: Tried it without the caret, but still no go.  It's in a subfolder, but that shouldn't have any affect on it.  Ah well, I'll probably delay that idea until mid-March and go read up more on using mod_rewrite.  Thanks though, Xepher. :)
"You can get all A's and still flunk life." (Walker Percy)

Xepher

I'm not positive if using a subfolder matters or not, but I think it does. If it rewrites to anime2.php, is it looking for that file in the subfolder, or the main one? If you let me know exactly where (aka, what folder) you're dealing with, I can try and mess around with it like before.

griever

I read somewhere that htaccess files affect directories recursively, so it should mean that the htacess file in a subfolder would only affect the subfolder and all subsequent folders inside?  I tried also with RewriteBase and even RewriteRule with a straightforward http://blahblahblah.php and nothing seemed to work.  I found a support forum yesterday for only mod_rewrite issues, so I'm going to try there.  I'm absolutely stumped as to why such a basic statement won't work, even though I've found exact examples in tutorials.  Thanks for the offer though. ^-^
"You can get all A's and still flunk life." (Walker Percy)

Xepher

While it's true .htaccess is recursive... that only applies to the initial request. Rewrites do tricky stuff to the internals, so you usually need to specify an actual file such as /home/griever/public_html/something/file.php for the second part of the rewrite if you're not using the R (redirect) flag. If you use R, you have to give a relative (or absolute) URL, rather than file address. Also, if you're trying to rewrite a directory to some specific file, the .htaccess file may need to be one directory above, as I'm not sure parses .htaccess inside that directory until it actually uses a file IN it. That might explain why your first version worked (file to file) but the second (directory to file) didn't.

griever

Hmm...thanks, Xepher.  I really need to do more reading on this.  I just get screwed up with technical terms, which makes me great for tech support but horrible for trying to learn from manuals.
"You can get all A's and still flunk life." (Walker Percy)

griever

I'm back and wondering if you could help me out again, Xepher.  I realized, after finding that someone was hotlinking, that I had forgotten to upload the htaccess file that you gave me.  So I went back and changed it to fit the new domain and uploaded it into the public_html folder.  However, it gives me a 500 error when I try to visit my site, which is really odd because it worked before with the previous domain name.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?chanpuru.org/images/screencaps/ [NC]
RewriteCond %{HTTP_REFERER} !^http://griever.xepher.net/images/screencaps/ [NC]
RewriteCond %{REQUEST_URI} !no_hotlink.gif$
RewriteRule .(jpg|gif|png)$ http://griever.xepher.net/images/no_hotlink.gif [R,L]
EDIT: I've given up on adding anything else, so it's the only stuff in the htaccess file.  It's also on the server as htaccess.txt because if I change it to .htaccess, my site dies.
"You can get all A's and still flunk life." (Walker Percy)

Xepher

Testing...

I renamed your htaccess.txt back to .htaccess.



That should be your "no hotlink" image, even though it's pointing to a legit screencap.