(Solved) .htaccess to prevent direct viewing (absolute url) of CPG albums pics! (Solved) .htaccess to prevent direct viewing (absolute url) of CPG albums pics!
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

(Solved) .htaccess to prevent direct viewing (absolute url) of CPG albums pics!

Started by Bin, September 22, 2004, 01:42:23 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Bin

Hello all ...

I'm in a very tricky position here, and I fimrly belive .htaccess can bail me out, but I dont know how to make one. Could someone please please guide me to make one?

• I use pnCPG (Coppermine Photo Gallery 1.3.2) as a module for PostNuke version: 0.7.2.6-Phoenix on my personal website.

• I have restricted all the albums of CPG to be viewed only by registered users. But I also have (and want) CPG latest and random picture scroller blocks on my website, viewable to everyone. As in, the thumbnails of random and latest pictures can be seen by anonymous users.

• Now heres the tricky part, I as an anonymous user can right click on the thumbnail to find out its location (http://www.domain.com/modules/pnCPG/Coppermine/albums/uPlOaDEdPiCtuREs/Me/Kiddie/thumb_12.jpg) and simply paste (http://www.domain.com/modules/pnCPG/Coppermine/albums/uPlOaDEdPiCtuREs/Me/Kiddie/12.jpg) on the browser to view the actual image.

• What I want to do is to "restrict" anyone from directly requesting the image files i.e jpg, jpeg, gif png from the browser like this (i.e not a request through Coppermine) , but at the same time ... if a registered user is logged on and wants to view the pic, he can do so (will this be termed as a request from apache?)

Please let me know if this is possible? I'll be really grateful for any help from you :)


Bin

Hey ...

Thanks for a reply this quick and very relevant. I'm trying it and will reply here in a bit ... I think what you said should work just fine :D

Bin

#3
Quote from: TranzNDance on September 20, 2004, 03:45:25 PM
How about putting this in the .htaccess file? When someone attempts to enter the absolute url, it redirects to the desired destination.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain.net$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://DesiredDestination.net [R,NC]


The desired destination could be a page with a message explaining the situation, or it could just point to the gallery itself.

Coppermine Wizard that you are, your suggestion worked like a charm for me  8)

This is exactly what I was looking for, thank you so much TranzNDance :D

Although, few more queries if its ok with you.

Q1. I have placed this .htaccess in one of the albums in Coppermine, will I have to place the said .htaccess in all of the albums?
     Or can I append/add it to the .htaccess on the root folder of my website?

The current .htaccess in the root folder has this:

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.mydomain.net
AuthUserFile /home/domainuser/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/domainuser/public_html/_vti_pvt/service.grp



Q2. Will using your suggestion restrict people from downloading the file with some download utility like Download Accelerator etc? (Just a query, for my info)


Would appreciate any reply that'd let me know what am I doing and what should I do if I need something similiar in future :)

- Regards, Binesh.

Tranz

Well, I can't take credit for the code. I just entered in settings into a cPanel applet and that's what I got. :)

Subfolders will inherit their parent folder's .htaccess settings. If you want all your albums protected, you put the .htaccess file in the albums folder. If you want your entire site protected, you could add those lines to the existing file in your root folder.

I hear Front Page can be quite tempermental, so back up your .htaccess file before editing. Well, you should do that regardless.

I'm not familiar with those download utilities. If you have one, it would be great if you could test it out and report your results.

Bin

Well, thank you for your time & suggestion though :)

Got all that you said right on, I'll simply added the said .htaccess in the albums folder.

Rest everything fine, the code suggested by you doesnt allow pnCPG blocks to display any Latest/Random images on PostNuke, as it calls for the images as absolutely, I guess. All the images (in the said blocks) shows up as a white box with red cross mark on it. Anything can be done as for this matter?

Tranz

You would have to add PostNuke domain to the whitelist of allowed domains, in this manner:
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain2.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.YourGalleryDomain2.net$      [NC]


Also, there's a difference between the version of the domain with and without the www. Same thing if you want to allow a subdomain. I often forget about that when I add subdomains.

Bin

My postnuke domain is http://mydomain.net which can be http://www.mydomain.net too.

I added my domain without the www's to the whitelist, as suggested by you.


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.net$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.net$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://www.mydomain.net [R,NC]


Sorted out my entire issue. Thank you TranzNDance.

Also, I tried downloading through a download manager using the absolute URL (say: http://mydomain.net/modules/pnCPG/Coppermine/albums/0001.JPG, the file gets downloaded as a JPG alright. But for some weird reason I couldnt view it, it showed up as blank. Opened it in Notepad, its the source code of my index.php (thats where I've redirected it to), lol. Neat suggestion TranzNDance :)

Marking this topic as Solved :D

Bin

Oh yeah! Would like to recommend this to the developers to incorporate this in the coming releases of CPG. Also, taking this oppurtunity to thank the developers of CPG for giving us all the BEST Gallery script we could've ever asked for :)

Joachim Müller

I can see no way a download manager or other client app should be able to overcome those protections, as they're server sided. However, if you allow "regular" browsing on your site, you could get leeched with an offline website copier like httrack.

This can not go into coppermine core code, as it will only work for users on apache webserver with rewrite engine turned on and a webhost allowing .htaccess files to be mofified. As this is not the case for many websites that use coppermine, it will always have to be a mod, but Omni (the dev team member who created the yet-to-come coppermine plugin API) suggested to make this into a plugin that could ship with coppermine.

Joachim

Bin

Quote from: GauGau on September 22, 2004, 07:20:19 AM
I can see no way a download manager or other client app should be able to overcome those protections, as they're server sided. However, if you allow "regular" browsing on your site, you could get leeched with an offline website copier like httrack.

This can not go into coppermine core code, as it will only work for users on apache webserver with rewrite engine turned on and a webhost allowing .htaccess files to be mofified. As this is not the case for many websites that use coppermine, it will always have to be a mod, but Omni (the dev team member who created the yet-to-come coppermine plugin API) suggested to make this into a plugin that could ship with coppermine.

Joachim

Reply perfectly justified Joachim :)

Anyway, it served to suit my basic concern. I hope it does for many more users.

Thank you and your staff for the quick support :D

Extreme

Quote
Q2. Will using your suggestion restrict people from downloading the file with some download utility like Download Accelerator etc? (Just a query, for my info)

Exactly what I need, a solution to prevent leechers that uses softwares such as Teleport Pro, WebStripper etc. to grab the whole site... If anyone has tips on how to take care of it, please let us know.  :-\\

Tranz

Quote from: Extreme on November 13, 2004, 04:03:03 PM
Quote
Q2. Will using your suggestion restrict people from downloading the file with some download utility like Download Accelerator etc? (Just a query, for my info)

Exactly what I need, a solution to prevent leechers that uses softwares such as Teleport Pro, WebStripper etc. to grab the whole site... If anyone has tips on how to take care of it, please let us know.  :-\\
@Extreme, what are you talking about? This thread has been about tips on "how to take care of" leechers. Did you try the instructions/code?

Extreme

Quote from: TranzNDance on November 13, 2004, 04:28:16 PM
Quote from: Extreme on November 13, 2004, 04:03:03 PM
Quote
Q2. Will using your suggestion restrict people from downloading the file with some download utility like Download Accelerator etc? (Just a query, for my info)

Exactly what I need, a solution to prevent leechers that uses softwares such as Teleport Pro, WebStripper etc. to grab the whole site... If anyone has tips on how to take care of it, please let us know.  :-\\
@Extreme, what are you talking about? This thread has been about tips on "how to take care of" leechers. Did you try the instructions/code?

Yeah you're right mate, this thread is totally wrong.  :-\\ I'll better make a new clean one instead, hehe.

Joachim Müller


Tranz


kegobeer

[off topic]
When I lived in England, I often heard women calling their friends 'mate' - just like I tend to call my friends 'pal'.  No offense was meant, I'm sure.
[/off topic]
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots