Prevent hotlinking [not working] Prevent hotlinking [not working]
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Prevent hotlinking [not working]

Started by Chirrilona, June 04, 2007, 01:14:32 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Chirrilona

June 04, 2007, 01:14:32 AM
I set this code fore my site, but I have problems. I cant see pics in my gallery.  ??? So the code is working, but in wrong way. I put .htaccess in my album folder.
How I must set it up, cos I have installed gallery in this way -> mysite.com/gallery

SetEnvIfNoCase Referer "^http://www.mysite.net/" locally_linked=1
SetEnvIfNoCase Referer "^http://mysite.net/" locally_linked=1
SetEnvIf Referer "^$" locally_linked=1
<FilesMatch "\.(gif|png|jpe?g)$">
  Order Allow,Deny
  Allow from env=locally_linked
</FilesMatch>

Joachim Müller

#1
June 04, 2007, 09:09:17 AM
Post a link to your gallery and the actual .htaccess file (not the one with dummy placeholders).

Chirrilona

#2
June 04, 2007, 01:51:54 PM
Here is my file and link www.telenovele-slo.net/galerija

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?telenovele-slo.net/galerija(/)?.*$     [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|png)$ http://telenovele-slo.net/nolinking.jpg [R,NC]

Joachim Müller

#3
June 04, 2007, 02:22:39 PM
Code Select
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?telenovele-slo.net/galerija(/)?.*$     [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ http://telenovele-slo.net/nolinking.jpg [R,NC]should do the trick. However, when entering the URL of one of your pics manually (e.g. http://www.telenovele-slo.net/galerija/albums/userpics/zharick%D7.jpg), I get
QuoteInternal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, telenoveleslo@yahoo.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
, which indicates that there is something fishy with your webserver setup. Make sure that you're actually allowed to use mod_rewrite. Contact your webhost for details.

Chirrilona

#4
June 05, 2007, 02:03:39 PM
I asked my webhost and they said I have permission. So what else could be wrong?  ???

Joachim Müller

#5
June 05, 2007, 05:28:26 PM
That's nonsense. When accessing a jpeg file, the server mustn't return a 500 internal server error. If it does, there's definitely something fishy with the server's setup. When going to http://www.telenovele-slo.net/galerija/albums/userpics/ or http://www.telenovele-slo.net/galerija/albums/userpics/foo/bar/whatever.jpg (a file that doesn't even exist) I get a 500 error as well. Tell them that they need to fix this - you're welcome to refer to this thread. Refering to a non-existant file should result in a 404, but definitely not in a 500.

Chirrilona

#6
June 07, 2007, 11:03:58 PM Last Edit: June 08, 2007, 10:26:29 AM by GauGau
They said thats how works their rewrite [look code below].

cat .htaccess
Code Select
Options +FollowSymLinks
RewriteEngine on

RewriteRule ^index.html                  index.php [PT]
RewriteRule ^details.php(.*)$           
http://%{SERVER_NAME}/property.php$1     [R,L]
RewriteRule ^property/([0-9]+)$         
http://%{SERVER_NAME}/property.php?id=$1 [R,L]
RewriteRule ^property_([0-9]+).html$   
http://%{SERVER_NAME}/property.php?id=$1 [R,L]
RewriteRule ^tags/(.*)$                 
http://%{SERVER_NAME}/tag.php?name=$1    [R,L]
RewriteRule ^tag-(.*).html$             
http://%{SERVER_NAME}/tag.php?name=$1    [R,L]

Joachim Müller

#7
June 08, 2007, 10:29:03 AM
How is that suppossed to be related? There are no files named "property.php" nor "tag.php" in Coppermine. Hotlinkink protection needs to take care of the contents (images), not some PHP files.
However, if this is what your webhost recommends to implement, then ask them for support if it doesn't work.

romank

#8
July 31, 2007, 12:57:06 PM
I have put an .htaccess in albums folder which looks like this

Code Select

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*swf$|.*pps$|.*pdf$|.*zip$|.*png$ [NC]
# Okay. First condition: the file name must end in .jpg, .gif, or .png.
# This makes sure our hotlink prevention only triggers on images.
# You might want to change this to include .swf, .mp3, or other similar files.

RewriteCond %{HTTP_REFERER} !^$
# Second condition: the referrer must not be blank.
# This means that people who aren't passing referrer headers, for whatever reason,
# will still be able to see your images.

# These next conditions allow linking from your own site,
# and any other friendly sites that you want to allow linking from.
# Change the sites to your own, of course. Apache isn't psychic.
RewriteCond %{HTTP_REFERER} !act-thielmann\.at [NC]
RewriteCond %{HTTP_REFERER} !zwax.act-thielmann\.at [NC]
RewriteCond %{HTTP_REFERER} !videowand\.eu [NC]
RewriteCond %{HTTP_REFERER} !act-led\.de [NC]
RewriteCond %{HTTP_REFERER} !ledsign\.info [NC]
RewriteCond %{HTTP_REFERER} !laufschriften\.info [NC]
RewriteCond %{HTTP_REFERER} !centos [NC]

# Okay. Finally, let's let Google get through.
# These last conditions allow people using the Google cache and Google Image Search to see your pictures.
# (You might want to remove this if you don't want people to find your pictures this way, but I don't recommend it.)
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteCond %{HTTP_REFERER} !bildersuche24.org [NC]

# This last rule silently redirects the request to /showpic.php?pic=[the requested file].
# Thanks to the wonder of Apache, this will automatically include all necessary slashes and path information,
# and not be visible to the end user.
# RewriteRule (.*) /cpg/displayimage.php?pos=-$1
# RewriteRule .*\.(gif|jpg|jpeg|bmp)$ http://www.act-thielmann.at/images/actthiellogo.gif [R,NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|png)$ http://www.act-thielmann.at/herold_referer=www.herold.at/herold_ani.gif [R,NC]
# RewriteRule (.*) http://www.act-thielmann.at/cpg/index.php


Thanks to this article: http://www.alistapart.com/articles/hotlinking/

nasirmulani

#9
August 27, 2007, 06:24:45 PM
Chirrilona u r getting the 500 internal server error because u r preventing the jpg from being hot linked and finally redirecting the user to a jpg file it self. see the code below

RewriteRule .*\.(gif|jpg|jpeg|bmp)$ http://telenovele-slo.net/nolinking.jpg [R,NC]

here what u need to do is create a png file ( nolinking.png ) and redirect the user to that file upon hotlinking. hers the correct code

RewriteRule .*\.(gif|jpg|jpeg|bmp)$ http://telenovele-slo.net/nolinking.png [R,NC]
Print
Go Up Pages1
User actions