How to stop directlinking How to stop directlinking
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

How to stop directlinking

Started by Fudgemaster, November 12, 2005, 03:30:03 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Fudgemaster

Hiya..

My coppermine gallery is at http://www.partanen.net/gallery

The pictures are possible to view with a direct link to the file ie.
http://www.partanen.net/gallery/albums/muita_tapahtumia/dynamiitti_com_2005/07_01/IMG04025.jpg

or by browsing the directories
http://www.partanen.net/gallery/albums/muita_tapahtumia/dynamiitti_com_2005/07_01

Is there a way to disallow this so you would be directed/forced to the gallery, and the images would be accessible only through the gallery itself  ?
--
It's an insane world.. But I'm proud to be a part of it.

Stramm

here's a htaccess file for you
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?partanen.net [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]


it doesn't show the images when another site calls them (hotlinking) but allows the request if you just copy/ paste the pic URL into your browser. If you don't like that behavior then delete RewriteCond %{HTTP_REFERER} !^$ (not recommended cause you'll block a lot of software firewall users form your site)

Fudgemaster

Okay. Thank You.

I'll test this for some directories and see how the users react and report about it.
--
It's an insane world.. But I'm proud to be a part of it.

Stramm

if you place it in the albums directory it's protecting all subfolders too?

Fudgemaster

Quote from: Stramm on November 13, 2005, 09:13:13 AM
if you place it in the albums directory it's protecting all subfolders too?

Yes. I have put the .htaccess file to the albums directory and it "protects" all itäs sub directories, oh so nice  :)
I also made a index.htm to every directory under albums (not edit directory) that redirect to the mainpage, gotta smoothen it up a notch, when I get the inspiration  ::)

And now, just to make a custom error message for the "403 - forbidden" .

Thanks for the help  8)

EDIT:
Oh yeah, I used the one with out the
RewriteCond %{HTTP_REFERER} !^$
line in it.

- Sami Partanen .
--
It's an insane world.. But I'm proud to be a part of it.

xplicit

If for some reason you want to allow some sites to still access the images you can use the rule below:

I use this for google to allow it to show pictures with theire image finder

RewriteCond %{HTTP_REFERER} !google\. [NC]

the \. indicates that it may be every extention (.com, .nl, .de. etc etc)
Don't ask me: Can you do this .... or Give me that...or I need Quick help in PM's. I'm not Santaclaus so post your questions on the board so it will be in the benefit for everyone.

Fudgemaster

Sorry to bump up such an old topic but I'd like to tell my feelings about using these methods after havig them in use for some time..

Quote from: Stramm on November 12, 2005, 04:14:39 PM
here's a htaccess file for you
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?partanen.net [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]


it doesn't show the images when another site calls them (hotlinking) but allows the request if you just copy/ paste the pic URL into your browser. If you don't like that behavior then delete RewriteCond %{HTTP_REFERER} !^$ (not recommended cause you'll block a lot of software firewall users form your site)

I used that in my .htaccess and listened to what people have to say about it.

The results were that most of firefox users had problems viewing the images (none show up) and myself had problems with Opera and IE not showing up all the pics and the proper links to files in the gallery would show a 403 error I customized for hotlinkers.
Even hitting refresh several times did not allways show all the images in the albums thumbnail/filmstrip view.

Even playing around the users firewalls did not allways have any affect. Maybe everyone configs theis kewl FF browsers to kill all the referrer info or something.

Thus removed that referrer thingamajigger from the .htaccess I used.
And no I'll just munch my carpets whilst being BW raped by people who link the pictures, not the gallery links.
Oh well, You don't allways get all you want, and sometimes You get somethings You don't want... :)

EDIT:
Forgot to say that the method Stramm gave me was fully functional with some side effects and I still take this case as solved.
--
It's an insane world.. But I'm proud to be a part of it.

Nibbler

RewriteCond %{HTTP_REFERER} !^$

That line allows blank referrers.