Problem with .htaccess Problem with .htaccess
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Problem with .htaccess

Started by biesky83, April 22, 2005, 02:57:25 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

biesky83

Alright so i've had a problem with hotlinking in the past and the rewrite code you posted for apache servers works great. Here is the code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://www.mysite.com [R,NC]



Now that code works great for trying to steal pics. But my problem is that i have videos also on my gallery. I have .avis, .wmvs, and .mpegs. I tried to modify the htaccess file to block those file types as well but it's not working. Here is what I'm using:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteRule .*\.(jpg|jpeg|avi|wmv|mpeg|gif|png|bmp.*.*jpg|jpeg|avi|wmv|mpeg|gif|png|bmp)$ http://www.mysite.com [R,NC]


What am I doing wrong that the code won't block avis, wmvs, and mpegs??

OmegaGOD

Your additions to .htaccess looks right. I have the same thing you have except I have more extentions in my list to protect from hotlinking. Try accesing the files again, but  before, dump your cache. You web-browser may just be reloading the file from its cache instead of hitting the web server

Hope this helps,

--OmegaGOD
Please do not PM me with support questions. Please read the manual and then if posting questions please place them in the proper sub-boards.

biesky83

My problem is when I upload that .htaccess file it just prevents everyone from even viewing the videos. The windows media player appears but it just won't play. Once i remove the .htaccess file then it works again. I'll try your suggestions with clearing my cache and see what happens. I didn't think about doing that.

OmegaGOD

Yes, the .htaccess will prevent users from hotlinking to your files. You should still be able to access those files through internal links from your webpage.
Please do not PM me with support questions. Please read the manual and then if posting questions please place them in the proper sub-boards.

biesky83

nope. just re-uploaded it after i cleared cache and everything. i even restarted to be 100 percent sure and it doesn't let you actually view the videos when I upload that .htaccess. any other ideas? or anything else i can do to prevent people from downloading the videos?

i read your hotlinking tutorials but all that does is prevent other sites from directly linking. you can still type in the address bar and get the file. granted, most newbies don't know how to click view source but many people can.


OmegaGOD

Please do not PM me with support questions. Please read the manual and then if posting questions please place them in the proper sub-boards.

biesky83

Quote from: TranzNDance on April 22, 2005, 04:32:42 AM
http://www.lunarforums.com/forum/viewtopic.php?t=22829

thanks for all that info. the only problem is you have to be pretty good with programming to incorporate that into coppermine. i don't know if i'm that advanced yet. over the past year i've gotten pretty good with php and perl but i would have to modify alot of that to make it work with my board.

biesky83

Thanks for all the info from both of you. It looks as if its easy to block the direct downloading through a url of videos but the problem is you can't have them actually viewable from your site. After reading all of that I was wondering if you guys have ever thought about developing some code that hides the album and filename in view source or something that makes it harder to find?

OmegaGOD

I think I might have mis-interpreted your question. Are you trying to have your videos streamed and played from within coppermine? For example, If you click on a video, it will open a mini-player within the browser window and to play it within the same page instead of opening a the player independent of the web-browser, allowing your users to download the file before playing.

Please do not PM me with support questions. Please read the manual and then if posting questions please place them in the proper sub-boards.

biesky83

Quote from: OmegaGOD on April 22, 2005, 03:56:32 PM
I think I might have mis-interpreted your question. Are you trying to have your videos streamed and played from within coppermine? For example, If you click on a video, it will open a mini-player within the browser window and to play it within the same page instead of opening a the player independent of the web-browser, allowing your users to download the file before playing.



Yeah, I'm sorry I should have been a little more clear on the issue. We have a gallery set up with our phpbb website. We have an average of 50-60 users online at a time. We give everyone public access to the pictures of the gallery but have the videos as private for long term site members. They do stream straight from coppermine. Meaning you have to use IE6 and nothing else. I really wish firefox would work on making it compatible but oh well. Anyway all it would take is one long term site member to click view source, scroll down and see the direct URL path.

The dev. guy above you posted a very useful article (but im sure you already knew that i just wasn't clear). I guess its fairly complex to prevent hotlinking of windows media files because then you can't stream them straight from the site. It's the way media player gets the video and doesn't send a referrer or something along those lines.

The problem with the article that was posted is I don't know if I'm good enough with php yet to be able to adapt that code to make it work on my board. It will probably take me a few months (no free time) to actually get it to work. I was just curious if either of you knew of any add-ons or hacks or anything that might hide the path a little better in view source. I'll pretty much do anything because I'm on a dedicated server but its killing my bandwidth.

The mod-rewrite works great for the pictures though.

MstrMitch

sorry to interupt you but I saw you were using PHPBB bridging to coppermine. I am having a hell of a time trying to make an htaccess file that hides a url from public viewing but opens it up on a link from PHPBB. my url for pictures is http://www.mysite.org/pics/ and my board is at http://www.mysite.org/board/

I tried to use this htaccess

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.org/board(/)?.*$     [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|swf|mpeg|wmv|mov|mp3|mp4|mpg|png|psd|txt|doc)$ http://www.mysite.org [R,NC]

but it doesnt work. it still blocks the pictures from the link on the board as well as to the public. I am using SID=? for the session ID in PHPBB, but that changes each time. should i get rid of that? how did you overcome it.

Mitch