Hallo,
I'm seriously struggling with the .htaccess-thing preventing users who are not logged in in Coppermine from accessing JPG-files directly via URL.
(http://www.heiko-heider.de/php/coppermine/albums/2004_05_Strassburg/DSC06267.jpg)
My Coppermine Gallery is in the following directory:
http://www.heiko-heider.de/php/coppermine/
but can also be accessed with these 2 sub-domains:
http://pics.heiko-heider.de
http://bilder.heiko-heider.de
which point to the server directory above.
I read all the threads in this forum regarding this and tried creating an .htaccess file with the following entries:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.heiko-heider.de//.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.heiko-heider.de$ [NC]
RewriteCond %{HTTP_REFERER} !^http://heiko-heider.de/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://heiko-heider.de$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://www.heiko-heider.de [R,NC]
Although this prevents me from accessing jpgs via URL, broken links appear in Coppermine, too.
I hopy someone can help me out on this, as I'm not that familiar with .htaccess files.
Thanks in advance,
Heiko
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$|.*jpeg$|.*bmp$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !heiko-heider\.de [NC]
Should be enough for preventing hotlinking, but if you want to exclude your own directorys and still want to enable coppermine accessing them its a difficault thing. It's doable but well nobody I know had workt this out
http://forum.coppermine-gallery.net/index.php?topic=15178.0
Thanks for the fast reply.
Unfortunately, the code didn't work, either. -> CP can't access the pictures itself.
I just mailed my hosting-support, they told me thad "mod-rewrite" is not available.
So I'm thinking whether preventing direct URL-file-access with .htaccess is possible at all?
Does anybody know if it's worth to keep trying or that it's just impossible on my host?
Thanks,
Heiko
Well it means you can't use this method. There may be an alternative, see if they can suggest anything.
Hmm, so it seems my provider sucks!
Well, it's a no-frills-provider, charging for every extra, for example disabling safe-mode will cost 29€.
I have, however, a folder-structure not within the public-html-folder.
Is there any chance that Coppermine gets the files from this folder? Gallery2 is able to do this, I think, but I can't use that due to the safe-mode restriction :-(
Or does anyone else here know a way preventing url-file-access without the need for .htaccess?
What I don't understand, however:
although mod-rewrite seems to be diabled by my host, putting the above code in an .htaccess-file blocks direct URL access to jpg-files.
So at least the blocking seems to work.
Maybe theres a way to give coppermine access anyway???
Thanks,
Heiko
Heiko,
The real question is why? If a person can view your pictures they already have a copy of it on their computer. They can also download any picture they are viewing no matter what kind of blocks you put up.
Blocking hot-linking is usually what most users require.
However, if you can identify who the abusers are, you can use htaccess to block these users by IP or referrer ID. see: http://www.javascriptkit.com/howto/htaccess.shtml
Dennis
@madeinhawaii:
No, no. That's not what I meant.
You see: I have albums that only certain usergroups can view through logging in to coppermine. My friends of course can do whatever they want with the pictures. I just want to prevent external surfers (who have to much free-time <g>) from getting my pictures by entering the URLS of filenames, thus bypassing coppermines password protection.
Heiko,
Did you try this: http://forum.coppermine-gallery.net/index.php?topic=3069.0
Dennis