This thread has good info re htaccess and robots.txt files

Gaile

Joined: 2002-07-20
Posts: 1301
Posted: Tue, 2003-08-05 00:04

** I changed the subject header in order to point people towards the info re .htaccess and robots.txt files that is contained later in this thread. **

Another edit - January 19, 2004 - removed my rant - it isn't needed BUT all this information is good regarding preventing direct linking, robot.txt files, etc.

So now it's a sticky at the top of the customization forum.

:)

Gaile

 
h0bbel
h0bbel's picture

Joined: 2002-07-28
Posts: 13451
Posted: Tue, 2003-08-05 00:08

PixelPoet, I could not agree more! You have my full support on this.

I hope someone a little more apache/rewrite savvy can help you out in making a .htaccess file that prevents hotlinking of images for you.

 
jmullan
jmullan's picture

Joined: 2002-07-28
Posts: 974
Posted: Tue, 2003-08-05 00:09

pixelpoet: do you need help stopping people from hotlinking?

 
Gaile

Joined: 2002-07-20
Posts: 1301
Posted: Tue, 2003-08-05 00:28

Hi

No - thanks. My .htaccess file and my robots.txt keep a lot of the riff raff away. Those are two files I have spent a lot of time perfecting (webmasterworld.com is a great place to learn more). I don't hesitate to block people that I find constantly direct linking. I don't allow linking to jpg or png files because those are my photos, but I let the little 'tards link to gif files so that I can find them quickly. Lately tho I've got the ones that are downloading my site lock, stock and barrel and even leaving my sitemeter intact. :roll:

Those ones are REAL easy to pick off...

I'd love a way to keep people from stealing my stylesheets, but I don't think that's possible.

Anyway... I just needed to vent. Thanks.

Gaile

 
jmullan
jmullan's picture

Joined: 2002-07-28
Posts: 974
Posted: Tue, 2003-08-05 00:43

It's okay if you don't need or use my ideas, I'm the idea guy, that's what I'm here for. It sucks that people steal your hard work and I would be glad to help kick their collective butts. I've got more ideas if you're interested.

 
bharat
bharat's picture

Joined: 2002-05-21
Posts: 7994
Posted: Wed, 2003-08-06 01:08

Gaile, there are a couple of techniques you can use to prevent people from using your stylesheets. The easiest approach is to move the stylesheet out of your document root and then write a quick PHP script that prints out the contents of it. Then link to that PHP script instead of the style sheet directly. Then you can write some code that checks the HTTP_REFERER to see if the page requesting the style sheet is in your domain, and if not, you can send back nothing (or a stylesheet of your own that makes their site look terrible :-P )

I'm sure Jesse can help you put that in place!

 
alindeman
alindeman's picture

Joined: 2002-10-06
Posts: 8194
Posted: Wed, 2003-08-06 01:24

Heh, I thought Jesse only came up with ideas, no actual work ;)

 
Gaile

Joined: 2002-07-20
Posts: 1301
Posted: Wed, 2003-08-06 10:29

Jesse, if there is a way (as Bharat mentioned) to prevent the use of my stylesheets then I'm all for it. I found two more sites tonight and I've removed my css entirely until I find a way to stop this.

I am simply tired of people not asking once in a while for HELP instead of just taking. The stupid part is leaving in actual links to my site that make it so easy for me to find these idiots. :roll:

Ironically the most recent site I found is a charity in my area. Guess who won't be getting any donations from me....

I do want to just end this thread now and not have it drag out needlessly. There are other more important things to do.

I do appreciate your offer of assistance and will email you when I decide what direction I'm going in with this.

Gaile

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Sun, 2003-08-17 16:20

Just going to post this tutorial I wrote for my Hosting Company. Usefull for anyone who needs to stop unwanted theft. Be aware that certain people will not be able to access your files. The people affected use either a high level security on IE or have a firewall with higher level security setting. By using an image return you can utilize these leachers by advertising your site, and showing that the site that they were leached to is desreputable and the browser (as I do) won't return. This won't stop the user from downloading your images/files, but it will help prevent bandwidth theft.

Quote:
Anti-Leach tutorial.

Insert the following code into your htaccess

Leachers will just get a "X" instead of an image.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

Note: The first line is only necessary if this is not being used along with Sub Domains. If you are using Sub Domains, do not add the first line and insert the other 3 lines underneath the Sub Domain coding.

If you have another domain you can insert the following underneath line 3:

RewriteCond %{HTTP_REFERER} !^http://www.yoursite2.com [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite2.com [NC]

Upload the .htaccess file via FTP in ASCII mode and place in the htdocs folder.

Other web sites will now not be able to leech any images from your site. Enjoy!

Image Return
If you wish to return an image, stating they're not permitted to access your images, modify this line:

RewriteRule [^/]+.(gif|jpg)$ - [F]
to these lines:

RewriteCond %{REQUEST_URI} !^/restricted_image.jpg 
RewriteRule [^/]+.(gif|jpg|GIF|JPG)$ http://www.yoursite.com/hotlink.jpg 

#note, do not need capitallized alternates unless you have them on your server.

You can use most extensions, such as:

RewriteRule [^/]+.(gif|jpg|mp3|htm|html|php|css)$ - [F]
Sub Domains

If anti-leeching is used along with sub domains, you'll need to create a .htaccess for each sub domain with the following code for protecting your images:

RewriteCond %{HTTP_REFERER} !^http://sub.yoursite.com/ [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

If you have many subdomains, you can use this code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+)?yoursite.com/ 
RewriteRule [^/]+.(gif|jpg)$ - [F] 

Upload the .htaccess file via FTP in ASCII mode and place in the htdocs folder.

Other web sites will now not be able to leech any images from your site. Enjoy!

by JadeDragon

=)
Jade

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Sun, 2003-08-17 16:29

Just another note. If you want to share your images with multiple domains then you can set the permissions to just those domains.

RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www.otherdomain.com [NC]

Say you want a folder with full permission granted. Usefull when posting images to forums. Then place a new .htacess file in that specific folder with this code.

RewriteEngine Off

If you want to disable the browsing of files in the directorys on your site then include this line of code as the last line of your .htaccess file.

Options -indexes

=)
Jade

 
h0bbel
h0bbel's picture

Joined: 2002-07-28
Posts: 13451
Posted: Sun, 2003-08-17 18:49

JadeDragon, great stuff! How about those who blatanly steal your whole layout? I had one today. :/ Not much to to about those, i know.

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Sun, 2003-08-17 22:29

You can contact their hosting company and/or IP to have the copywrited material removed. Unfortunately this is all to common and some hosting companies do not care what their clients are doing. At that point if thier theft is sever enough for you, then you will have to pursue them yourself.

You can find out who their host is and their contact information by going Here.

 
h0bbel
h0bbel's picture

Joined: 2002-07-28
Posts: 13451
Posted: Sun, 2003-08-17 22:31

JadeDragon, i know. I am just venting a bit. :)

 
Gaile

Joined: 2002-07-20
Posts: 1301
Posted: Sun, 2003-08-17 22:44

Hey H0bbel...

Joined my *Venting* Club did you? I've run out of things to say about the unoriginal copycats of the world.

Ironically, if anyone asks me how I did something directly related to Gallery, I tell them. Gallery is opensource code and I don't mind sharing how I accomplished whatever small changes I made, but when they just copy the entire thing lock stock 'n barrel. Well... :evil:

ANYWAY...JadeDragon, my .htaccess is actually pretty close to what you have, however here's where we differ:

RewriteRule .*\.(jpg|jpeg|gif|bmp|png)$ - [F,NC]

Notice the bit after Rewrite Rule is different. So what does your code do that the one I'm using doesn't do?

As well, I found I couldn't add css, html or php extensions to this - or nobody could see my site unless the end bit was changed from F, NC to R,NC -- but had several people tell me when I changed it to R (on the suggestion of my host), that they could now link to my images.

In all honesty - it just gets too freakin' tiring keeping the idiots out!

So for now I've got images protected. CSS and the rest I've decided not to worry about for the time being. I have other things to do.

I thought this thread was dead - was SO surprised to see comments here.

Something that should be mentioned is to be VERY careful messing around with .htaccess if you are flying blind because you can mess things up quite badly. There are several good tutorials online (yours among them now, Jade) that address the basics and beyond. Just takes a quick *google* to find them!

Right now I'm in the midst of attempting to make my (still unveiled) gallery layout html compliant. I figure I'll start with 4.01 transitional and work my way UP.... :)

Gaile

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Sun, 2003-08-17 23:37

This is the full listing of Apache directives.

This is the information for ReWrite Rule.

This will explain the quantifiers for ? * + used infront of the ReWrite Rule.

I have not seen your setup before. But it basically says that the rewrite must match "any single character except newline" "matched 0 or more times" "quote next meta-character"

Mine says "match any character class""matched 1 or more times""match any character except newline"

Although I have done some research on different methods of .htaccess I am still a novice. How each setting truely effects the way each Apache setup parses the .htacess is still beyond me. Due to the varience of each hosts set up some things may need to be adjusted.

I've changed a bit of the previous post due to my typos.

EDIT: additional info.

At the end of these codes.

RewriteRule [^/]+.(gif|jpg|GIF|JPG)$ http://www.drazan.info/hotlink.jpg [R,L]

RewriteRule [^/]+.(gif|jpg)$ - [F] 

You will see the different functions or CondPattern These tell Apache what to return.

[R] = Redirect the request to a new file. In this case it is going to return the hotlink.jpg

[L] = Stops the ReWrite process

[F] = Returns a Forbidden code 403, thus the little "x" from anyone trying to leach.

[NC] = no case

[OR] = switches to the next ReWrite Condition

=)
Jade

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Sun, 2003-08-17 23:48

On another note, which was brought to mind by PixelPoets post.

IF you have a problem with this code

RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com [NC] 
RewriteCond %{HTTP_REFERER} !^http://www.otherdomain.com [NC]

Then use this code

RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com [NC,OR] 
RewriteCond %{HTTP_REFERER} !^http://www.otherdomain.com [NC]

Changing [NC] every ending line to [NC,OR] except the last one.

You will probably get a 500 error or no images while testing which works for your server. If you have a nice host then they will answer your questions as to which one is best suited for their setup.

=)
Jade

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Mon, 2003-08-18 00:03

Now to wrap this up here is an example of an .htacess page with an image return that will encompase all subdomain characters.

You will want to create your .htacess page in notepade with word wrap OFF. Be careful not to have any extra spaces at the end of a line or within the code itself. You will want to put this in the first public folder of your site. Some hosts (like mine) offer a folder above root. Standard Chmod is 644.

Options +FollowSymLinks 

RewriteEngine On 
RewriteCond %{HTTP_REFERER} !^http://(.+)?yoursite.com [NC] 

RewriteCond %{REQUEST_URI} !^/hotlink.jpg [NC] 
RewriteRule [^/]+.(gif|jpg|GIF|JPG)$ http://www.yoursite.com/hotlink.jpg [R,L] 


Options -indexes

Well I hope this gets everyone going. Any questions I'll do my best to answer.

=)
Jade

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Mon, 2003-08-18 00:10

OK I lied. Here's a tutorial for the Bad Referrer that Bharat posted about.

Quoted directly from my host tutorials. I haven't used it yet.

Quote:
How do I block people coming from a certain website or URL from visiting my site or directory?

It's actually very similar to blocking people by IP! Again, you need to add some lines to an .htaccess text file that you create in the home directory of your web site (to create a new file, check this tutorial).

Here is some example code for giving everybody who comes to you from www.google.com a 403 error (access denied):

SetEnvIfNoCase Referer "^http://www.google.com/" BadReferrer
order deny,allow
deny from env=BadReferrer

Another way to block people where you end up just redirecting them to a different url. Here's how to block everybody from example www.google.com again (put this in your .htaccess file):

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://www.google.com/
RewriteRule /* http://www.yoursite.com/restricted_url.html [R,L]

We hope this helps keep those annoying people out of your site!

Note: Google was choosen since most of us would never do this GOOGLE!! Therefore do not copy and paste into your code. Make sure you change google.com to the badlinker.com.

Remember you only need one "RewriteEngine On" in your .htacess file.

=)
Jade

 
Gaile

Joined: 2002-07-20
Posts: 1301
Posted: Mon, 2003-08-18 02:00

Thanks for all the info, Jade.

Gaile

 
alindeman
alindeman's picture

Joined: 2002-10-06
Posts: 8194
Posted: Mon, 2003-08-18 02:07

Yes, I'm bookmarking this thread. Maybe when I'm in a good mood, I'll add all this juicy info to the docs ;)

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Mon, 2003-08-18 02:12

Here's another question brought up to me today.

How to ban specific user IPs or a block of IPs

Quote:
The code below is used if there is one IP

<Limit GET POST>
Order allow,deny
allow from all
deny from XX.XXX.XXX.XX
</Limit>

if there are more than one IP use multiple "deny from"

or deny a block of IPs by leaving off the last set(s) of numbers.

<Limit GET POST>
Order allow,deny
allow from all
deny from XX.XXX.XXX.
</Limit>

Disadvantage to this is you may be blocking inocent IPs. Depending on the severity its your decision.

=)
Jade

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Mon, 2003-08-18 02:27

Since this is all about images not being stolen a good thing to have is a robots.txt. The robots.txt file acts simular to an .htacess file, but specifically for search engines like Google's Image archiver.

User-agent: Googlebot-Image
Disallow: / 

This prevents all the images on your site from being listed in the Google image directory but still allows google to index the site itself.

To make this work you need to load the robots.txt into /htdocs/robots.txt

If you wish for only a specific directory then it would be.

User-agent: Googlebot-Image
Disallow: /directory/

again placed in the /htdocs/robots.txt

Here is a listing of search engine bots.

=)
Jade

 
Gaile

Joined: 2002-07-20
Posts: 1301
Posted: Mon, 2003-08-18 04:36

Hello again!

I wonder if we should have started a new thread for all this helpful stuff!

Just a couple of things to note. Not everyone has an htdocs directory. For some people it's called public_html or even just www or html.

And here's my robots.txt file, in case anyone isn't sure where to start or HOW LARGE they can be (yeah, this one is kind long). Anyway. Feel free to use it if it is of use to you.

# Robots.txt file
# validate at http://www.searchengineworld.com/cgi-bin/robotcheck.cgi
# last update validated 06/11/03


User-agent: http://www.almaden.ibm.com/cs/crawler 
Disallow: /

User-agent: ArribaPacketRat
Disallow: /

User-agent: autoemailspider
Disallow: /

User-agent: baiduspider
Disallow: /

User-agent: Bilbo
Disallow: /

User-agent: DigExt
Disallow: /

User-agent: dloader(NaverRobot)/1.0
Disallow: /

User-agent: DittoSpyder
Disallow: /

User-agent: DTS Agent
Disallow: /

User-agent: fast
Disallow: /

User-agent: Getleft 1.1b2
Disallow: /

User-agent: girafa
Disallow: /

User-agent: Gigabot/1.0
Disallow: /

User-agent: googlebot-Image
Disallow: /

User-agent: grub-client
Disallow: /

User-agent: HTMLAB
Disallow: /

User-agent: httrack
Disallow: /

User-agent: ia_archiver
Disallow: /

User-agent: ImageVampire
Disallow: /

User-agent: k2spider
Disallow: /

User-agent: mail sweeper
Disallow: /

User-agent: MSIECrawler
Disallow: /

User-agent: NetCaptor
Disallow: /

User-agent: NITLE Blog Spider/0.01
Disallow: /

User-agent: NPBot
Disallow: /

User-agent: nutch
Disallow: /

User-agent: oBot
Disallow: /

User-agent: Offline Explorer
Disallow: /

User-agent: PSBot
Disallow: /

User-agent: QuepasaCreep v0.9.13
Disallow: /

User-agent: Scooter/3.3
Disallow: /

User-agent: sitecheck.internetseer.com
Disallow: /

User-agent: Slurp/2.0
Disallow: /

User-agent: SpiderKU/0.9
Disallow: /

User-agent: Steeler
Disallow: /

User-agent: SurveyBot/2.3
Disallow: /

User-agent: szukacz
Disallow: /

User-agent: Szukacz/1.5
Disallow: /

User-agent: TurnitinBot
Disallow: /

User-agent: Vagabondo/2.1
Disallow: /

User-agent: vischeck_spiderBot/0.1libwww-perl/5.48
Disallow: /

User-agent: vscooter
Disallow: /

User-agent: WebCopier v3.3
Disallow: /

User-agent: WebCopier v3.2a
Disallow: /

User-agent: WebCopier
Disallow: /

User-agent: webcrawler
Disallow: /

User-agent: Web Downloader/4.9
Disallow: /

User-agent: Web Downloader/5.8
Disallow: /

User-agent: WebGather 3.0
Disallow: /

User-agent: WebStripper/2.56
Disallow: /

User-agent: WebZIP/3.65
Disallow: /

User-agent: WebZIP
Disallow: /

User-agent: Wget
Disallow: /

User-agent: Zao
Disallow: /

User-agent:  Zeus 2.6
Disallow: /

User-agent: *
Disallow: /cgi-bin/

I use a robots validator to make sure things are in good working order. The url is at the top of the robots.tx file. In fact, I validated this file before posting it here.

Probably taking this thread WAY off topic, but the site that this validator resides on, Search Engine World, there are a few interesting tools, like Sim Spider that shows you what a spider will see when it visits your site, and a webpage size checker.

... just thought I'd toss those things into the mix and see if it helps anyone.

:)

Gaile

 
joan
joan's picture

Joined: 2002-10-21
Posts: 3473
Posted: Mon, 2003-08-18 07:40

Guys,

This is great stuff. Can you get together with Andrew and make it into a chapter of the manual? It's too deep to be a FAQ, and as forum postings it's going to get pretty hard to wade through.

Just a humble suggestion.

 
alindeman
alindeman's picture

Joined: 2002-10-06
Posts: 8194
Posted: Mon, 2003-08-18 11:39

See my post above ;)

Quote:
Yes, I'm bookmarking this thread. Maybe when I'm in a good mood, I'll add all this juicy info to the docs ;)

 
JadeDragon
JadeDragon's picture

Joined: 2003-02-15
Posts: 332
Posted: Mon, 2004-01-19 12:08

Yes, I'm bumping this. Can we move this somewhere and make it a sticky?

:P
Jade

 
alindeman
alindeman's picture

Joined: 2002-10-06
Posts: 8194
Posted: Mon, 2004-01-19 15:09

Heh, I have totally forgotten about this. Oops :)

 
broox
broox's picture

Joined: 2005-10-14
Posts: 1
Posted: Fri, 2005-10-14 16:04

i'm using currently mod_rewrite, but now friends are having trouble accessing wmv and zip files. how can i allow linking to these?

 
Xepha

Joined: 2005-07-29
Posts: 8
Posted: Sun, 2005-10-16 13:10

This is my .htaccess file, stored in the root www directory, but users are still able to hotlink my images. Did I do something wrong? There is no additional .htaccess file in my albums directory that would be overriding this.

Quote:
<Files .htaccess>
order allow,deny
deny from all
</Files>
php_flag display_errors off
ErrorDocument 404 /index.php
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.com [NC]
RewriteRule [^/]+.(gif|jpg|mp3|htm|html|php|css)$ - [F]
Options -indexes

Months ago I remember reading something about having to make a change to the .htconfig file if the .htaccess file doesn't work, but of course now that I need that information I can't find it, lol. I don't have access to any .htconfig file and the guy hosting my site said I need to tell him exactly what needs to be done to make it work because he doesn't know, but I don't know either so I hope somebody here does. :)

UPDATE:

I found this in the documentation:

Quote:
Additionally, if when you installed Gallery the config wizard instructed you to add lines to your httpd.conf to allow .htaccess files to work, then you should review those lines and add something similar to httpd.conf for your albums directory. Otherwise, your changes to .htaccess may not have any effect.

... but I don't remember getting any such message asking me to make those changes.

Maybe this is what I was thinking was the ".htconfig file" that I may have to make changes to? I don't know.

 
Xepha

Joined: 2005-07-29
Posts: 8
Posted: Sun, 2005-10-16 13:44

I found this in another thread, and it said to place this in my albums directory (which on my server is /www/albums/ whereas gallery is /www/modules/gallery/) but this didn't work either.

Quote:
RewriteEngine on
RewriteBase /modules/gallery
RewriteCond %{HTTP_REFERER} !^http://www.example.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com.*$ [NC]
RewriteRule .*.(jpg|gif|png)$ - [F]

I also tried using the following, which I found in the official documentation on this site, but it didn't work either.

Quote:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/gallery.*$ [NC]
RewriteCond %{REMOTE_HOST} ^.*\.shutterfly.com$ [NC]
RewriteRule ^/albums/.*\.(jpg|gif|avi|png)$ - [F]
</IfModule>

I changed "http://www.example.com/gallery" to "http://www.example.com/modules/gallery" since that is where my Gallery is (I'm using PostNuke).

I guess I should point out that I'm using G1, if that makes a difference. The mod_rewrite module is installed on my server.

 
Kevin_godlike

Joined: 2005-10-22
Posts: 1
Posted: Sat, 2005-10-22 14:15

Hi There ,

Well the above makes sense / no sense ;) .

to start with , on the robots.txt , dont use them ! , bad bots look for exclusions in the robots.txt , and think ,, "oh well not meant to go there ..... so lets have a look" . Also , i know that robots.txt files are a first place any haxor looks to see whats occouring ..

Mod_rewrite , and all of ts voodoo .. woooooo , anti hotlinking is good , but the implamentation above is not the best .

Hows about , if rather than

Quote:
RewriteRule [^/]+.(gif|jpg|GIF|JPG)$ http://www.yoursite.com/hotlink.jpg

you had

RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$|.*avi$|.*mpg$|.*mpv$|.*mp3$|.*swf$|.*zip$|.*rar$|.*gz$|.*bz2$|.*ace$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^.*yourdomain.*\.com [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]

RewriteRule (.*) http://www.yourdomain.com/showcontent.php

A direct hotlink will not work , however , what about people who just *link* to an image (genuine linking to files is not a bad thing !) . then you get the showcontent.php file to show the image /download in a frame of your site (giving you some backward links , etc )

Just my 1 cents worth .

 
CAJohnson

Joined: 2005-10-06
Posts: 14
Posted: Mon, 2005-10-31 15:25

This is an extremely helpful thread. However, I do - in common with one previous post -- have a question about .htaccess and file types. I have tried to protect my Gallery from hot-linking in 2 different ways using htaccess. Each worked for images files [jpeg, gif]; neither worked for video files [wmv, mpeg, avi]. First I tried using allow,deny as follows:

Quote:
<Limit GET POST>
SetEnvIfNoCase Referer "^http://www.goodomain1.com/" GoodRef
SetEnvIfNoCase Referer "^http://gooddomain1.com/" GoodRef
SetEnvIfNoCase Referer "^http://www.goodomain2.com/" GoodRef
SetEnvIfNoCase Referer "^http://gooddomain2.com/" GoodRef
SetEnvIfNoCase Referer "^http://www.goodomain3.com/" GoodRef
SetEnvIfNoCase Referer "^http://gooddomain3.com/" GoodRef

order allow,deny
allow from env=GoodRef
</Limit>

This blocked direct requests and hot links fine and allowed gallery to operate normally for images, but video files would not play [player would not connect].

Next I tried the alternate method using mod_rewrite [as stated in JadeDragon's posts above]:

Quote:
Options +FollowSymLinks

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://goodomain1.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+)?goodomain1.com [NC]

RewriteCond %{REQUEST_URI} !^/hotlink.jpg [NC]
RewriteRule [^/]+.(gif|jpg|jpeg|wmv|mov|mpg|mpeg)$ http://www.mydomain.com/hotlink.jpg [R,NC,L]

Options -indexes

Again, Gallery worked fine and hot-linking and direct requests were blocked - that is, they were properly redirected to hotlink.jpg -- but video files were also redirected. Removing the video files extensions from the RewriteRule allwoed them to be played -- and hotlinked.

I'm guessing that in the first case, there must be a configuration issue with the way htaccess interacts with video files that is allowing html and images files to be passed, but not video. I know that htaccess authentication treats html pages and images differently than video, in that you have to enter your username/password once for each, at least if you are using an external player.

The problem in the second case I imagine could be the same issue, or perhaps Gallery passes requests for video files in such a way that extension is not recognised. Since Gallery uses mod_rewrite to pass image and video requests to view_photo.php, I suspect the potential for a conflict.

Can anyone here shed some light on these issues? I'm using Gallery 1.5.1 but the same behavior occurs on each of the 3 versions of Gallery 1.4 I use.

Many thanks for any insight, pointers to helpful refs, or even a good guess.

 
CAJohnson

Joined: 2005-10-06
Posts: 14
Posted: Mon, 2005-10-31 21:13

Follow up: I think the problem is that media players and/or browsers don't send the referrer data correctly or maybe not at all for video files. If so, it looks like there is no solution using .htaccess in this manner. If anyone knows differently, I love to hear it.

 
djbis

Joined: 2004-02-25
Posts: 64
Posted: Sun, 2005-12-04 11:01

You guys seem to be dealing with some of the same type of issues that I have encountered.

I would like to be able to link pictures from my "folderxyc" (in my wesbite's gallery) on forums and others, but would like to make it so that people CANT just right click on the photo that was posted and just copy and paste "www.mywebsite.com/albums/folderxyc" and just look at everything that is stored in that folder, including those .DAT files which probably contain sensitive info...

I know that I have seen people that are able to do this. Any help would be greatly appreciated!

 
roniabirk

Joined: 2005-11-16
Posts: 7
Posted: Thu, 2006-01-12 16:57

Okay, I really don't get it, lol. This is what I have:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?stripedwall.com(/)?.*$ [NC]
RewriteRule [^/]+.(gif|jpg)$ images/nohotlinking.gif [R,L]

And yet sites like this (http://www.fanforum.com/showpost.php?p=8200659&postcount=118) and this (http://www.deadjournal.com/users/cap_it/?skip=40) can still pull my images. Help?

I can get it to work if I do not specify image extensions like so:

RewriteRule .*$ images/nohotlinking.gif [L]

But then that means direct links to the .html files within my site also do not work.

 
amla

Joined: 2006-04-26
Posts: 36
Posted: Mon, 2006-05-15 07:13

I would like to know following.

I want my other domain to hotlink images,not the gallery domain.
For other domains they must get the pic tht shows u dont hav permission to view it
I want to know where to place the code for the following details in htaccess file & where should I upload it.

advance thanks for the help

 
jumpink

Joined: 2006-07-19
Posts: 2
Posted: Wed, 2006-07-19 19:18

I am trying to setup an .htacess file to prevent hotlinking images on my site.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

If I put this file in my root folder, I get a 500 Internal Server Error.

If I put it in my image folder my images do not load I get the x.

I use Earthlink hosting, they say they run on Apache server and .htaccess files are permitted.

Any help would be great thanks.
Kevin

 
jumpink

Joined: 2006-07-19
Posts: 2
Posted: Wed, 2006-07-19 20:33

this was in the logs folder:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /www/htdocs/domains/s3/00542/www.jarabina.com/etc/.htpasswd
<Limit GET POST>
require valid-user
Options ExecCGI FollowSymLinks
</Limit>

Thanks again

 
djbis

Joined: 2004-02-25
Posts: 64
Posted: Fri, 2006-07-21 20:55

I know it will help to a lesser degree, but maybe having a "no right-click" script setup to prevent the less knowledgeable people from quickly snatching a photo from your gallery would be a first step until we can figure something else out?

If anybody has done this I would welcome any advice. I would like to implement something like this on my gallery.

 
djbis

Joined: 2004-02-25
Posts: 64
Posted: Thu, 2006-07-27 21:18

thanks for the code, Bigal.

If nothing else is available I am sure this could be helpful.

 
seren

Joined: 2002-09-22
Posts: 11
Posted: Thu, 2007-03-22 17:19

In case this helps, here's my .htaccess for disallowing hotlinking to anything other than thumbnails and highlights (except from shutterfly). Hotlinking returns an error image (http://www.seren.net/hotlink.gif):

RewriteEngine On
RewriteBase /albums

#Allow if it's not from another website
RewriteCond %{HTTP_REFERER}     ^$ [OR]
RewriteCond %{HTTP_REFERER}     ^http://seren.net/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER}     ^http://www.seren.net/.*$ [NC,OR]

#Allow if it's the hotlink.gif
RewriteCond %{REQUEST_FILENAME} hotlink.gif [NC,OR]

#Allow shutterfly
Rewritecond %{HTTP_REFERER} ^.*shutterfly.com.*$ [NC,OR]

#Pass through thumbnails or hightlights as-is
RewriteCond %{REQUEST_URI}  \.thumb.jpg$ [NC,OR]
RewriteCond %{REQUEST_URI}  \.highlight\.jpg$ [NC]

#Skip next rule if any previous "OR" statments match
RewriteRule .* - [S=1]

#Return an anti-hotlink gif in place of any visual media
RewriteRule .*\.(gif|jpg|png|swf|rm|mov|mpg|mpeg)$ http://www.seren.net/hotlink.gif [R,L,NC]
 
seren

Joined: 2002-09-22
Posts: 11
Posted: Sat, 2007-07-21 19:39

If your .htaccess file is that large, you probably need to make better use of wildcards. Why is it so large?

 
seren

Joined: 2002-09-22
Posts: 11
Posted: Fri, 2007-07-27 16:02

If you have mod_rewrite installed, this should work:

RewriteEngine on
RewriteRule ^(.*)_(.*)$ $1-$2 [R=301]

Intuitively this should replace only a single instance of "_", but testing shows it replaces all "_"s in the URL.

 
mukan
mukan's picture

Joined: 2007-07-28
Posts: 17
Posted: Sat, 2007-07-28 19:37
Xepha wrote:
I found this in another thread, and it said to place this in my albums directory (which on my server is /www/albums/ whereas gallery is /www/modules/gallery/) but this didn't work either.

Quote:
RewriteEngine on
RewriteBase /modules/gallery
RewriteCond %{HTTP_REFERER} !^http://www.example.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com.*$ [NC]
RewriteRule .*.(jpg|gif|png)$ - [F]

I also tried using the following, which I found in the official documentation on this site, but it didn't work either.

Quote:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/gallery.*$ [NC]
RewriteCond %{REMOTE_HOST} ^.*\.shutterfly.com$ [NC]
RewriteRule ^/albums/.*\.(jpg|gif|avi|png)$ - [F]
</IfModule>

I changed "http://www.example.com/gallery" to "http://www.example.com/modules/gallery" since that is where my Gallery is (I'm using PostNuke).

I guess I should point out that I'm using G1, if that makes a difference. The mod_rewrite module is installed on my server.

thank you friend
------------------------------------

 
pedro_rafael

Joined: 2007-10-14
Posts: 2
Posted: Sun, 2007-10-14 20:54

Seren wrote:

Quote:
In case this helps, here's my .htaccess for disallowing hotlinking to anything other than thumbnails and highlights (except from shutterfly). Hotlinking returns an error image (http://www.seren.net/hotlink.gif):

RewriteEngine On
RewriteBase /albums

#Allow if it's not from another website
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} ^http://seren.net/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.seren.net/.*$ [NC,OR]

#Allow if it's the hotlink.gif
RewriteCond %{REQUEST_FILENAME} hotlink.gif [NC,OR]

#Allow shutterfly
Rewritecond %{HTTP_REFERER} ^.*shutterfly.com.*$ [NC,OR]

#Pass through thumbnails or hightlights as-is
RewriteCond %{REQUEST_URI} \.thumb.jpg$ [NC,OR]
RewriteCond %{REQUEST_URI} \.highlight\.jpg$ [NC]

#Skip next rule if any previous "OR" statments match
RewriteRule .* - [S=1]

#Return an anti-hotlink gif in place of any visual media
RewriteRule .*\.(gif|jpg|png|swf|rm|mov|mpg|mpeg)$ http://www.seren.net/hotlink.gif [R,L,NC]

Hi,

Any idea on how to place a clickable thumbnail of the hotlinked photo instead of a banner ?

I do not want to avoid hotlinking but work around it.

Thanxs,

 
pedro_rafael

Joined: 2007-10-14
Posts: 2
Posted: Thu, 2007-11-01 05:08

Hello guys,

Already found what i was looking for here. The only problem is that it links the hotlinked thumbnail, sized photo and full photo back to the album instead of the photo (thumbnail, sized photo or full photo respectively) itself, but i can definitely live with that.

Cheers,

 
JimB

Joined: 2004-04-02
Posts: 9
Posted: Mon, 2007-11-19 17:28

I read through most of this and I really need help please.

ver. 1.4.4 pl6

I hot link my pictures to other forums by direct url to image, not so much interested in stopping hotlinkin to the pictures because I have plenty of bandwidth. My album dir when someone is trying to access through the web do not show.

Here is my problem. Every now and then hackers are uploading spam and take over scripts to the /albums directory.
I was thinking of placing an htaccess to the /albums directory:
For example:
Order deny,allow
Deny from all

Will this interfere with anything?

I have a skin that Jade did for me that I would need upgraded to 1.57 but can not get a hold of her. They tell me that this version might me more protected, not sure. If anyone know someone that can update the skin to the1.5.7 version please let me know.

Thank you for your help.
Jim B.

 
Carvehicle.net

Joined: 2008-12-27
Posts: 28
Posted: Sun, 2009-01-04 09:40

Hello all is my site http://carvehicle.net

and .htaccess

Quote:
# BEGIN Url Rewrite section
# (Automatically generated. Do not edit this section)
<IfModule mod_rewrite.c>
RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} gallery\_remote2\.php
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . - [L]

RewriteCond %{HTTP:Authorization} (.+)
RewriteCond %{QUERY_STRING} !g2_authorization=
RewriteRule . %{REQUEST_URI}?g2_authorization=%1 [QSA]
RewriteCond %{THE_REQUEST} /admin/(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_view=core.SiteAdmin [QSA,L]
RewriteCond %{THE_REQUEST} /wallpaper/([0-9]+)-([0-9]+)/([^/?]+)(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_view=core.DownloadItem&g2_itemId=%1&g2_serialNumber=%2&g2_fileName=%3 [QSA,L]
RewriteCond %{THE_REQUEST} /f/([^?]+)(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_controller=permalinks.Redirect&g2_filename=%1 [QSA,L]
RewriteCond %{THE_REQUEST} /([^?]+)(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_path=%1 [QSA,L]
</IfModule>

# END Url Rewrite section

# BEGIN Url Rewrite section
# (Automatically generated. Do not edit this section)
<IfModule mod_rewrite.c>
RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} gallery\_remote2\.php
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . - [L]

RewriteCond %{HTTP:Authorization} (.+)
RewriteCond %{QUERY_STRING} !g2_authorization=
RewriteRule . %{REQUEST_URI}?g2_authorization=%1 [QSA]
RewriteCond %{THE_REQUEST} /sitemap(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_view=sitemap.Sitemap [QSA,L]
RewriteCond %{THE_REQUEST} /admin/(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_view=core.SiteAdmin [QSA,L]
RewriteCond %{THE_REQUEST} /d/([0-9]+)-([0-9]+)/([^/?]+)(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_view=core.DownloadItem&g2_itemId=%1&g2_serialNumber=%2&g2_fileName=%3 [QSA,L]
RewriteCond %{THE_REQUEST} /v/([^?]+)(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_path=%1 [QSA,L]
RewriteCond %{THE_REQUEST} /f/([^?]+)(\?.|\ .)
RewriteCond %{REQUEST_URI} !/main\.php$
RewriteRule . /main.php?g2_controller=permalinks.Redirect&g2_filename=%1 [QSA,L]
</IfModule>

# Set the default handler.
DirectoryIndex main.php

i submit my sitemap google http://www.carvehicle.net/?g2_view=sitemap.Sitemap But erro " Network unreachable: DNS issue
We encountered an error while trying to access your Sitemap. Please ensure your Sitemap follows our guidelines and can be accessed at the location you provided and then resubmit. "

Help Me :((