Fork me on GitHub

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

In this Discussion

Ready to contribute?

Amazing! Sign our contributors' agreement and then join us on GitHub.

Please upgrade to 2.1.x here. The 2.0 branch is no longer being updated.
Critical: Update to 2.1.8, released 15 Jan.

hotlink protection

camocamo New
edited October 2011 in Vanilla 2.0 Help
Hi, Im using a
 dot htaccess
rewrite condition to redirect if an image is hotlinked from my website. It USED TO WORK
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule .*\.(gif|jpg|png|jpeg|bmp)$ [R,NC]
A few questions:

1. what is the modern way to do this?

2. (if I can sort that) How do I add it to my forum .htacces to use there too? Or can I modify the original (main website .htaccess) to cover both the forum
and my classifieds

P.S sorry about the other two post, didnt realise writing
dot htaccess 
would screw something.


Best Answer

  • camocamo New
    edited October 2011 Answer ✓
    Ok, after much messing about, The following works

    websites file

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ [NC,R,L]

    include in the forums file

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ [NC,R,L]
    include in classifieds file

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?\/ [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ [NC,R,L]
    These work and replace images AFTER clearing the cache. but regular visitors are not likely to have a clean cache (having visited the site before)

    How do you stop them?

    Also facebook has no trouble pulling thumbnails still, even without mention of them in the codes??? Mystery!

    I still cannot get hotlinks to redirect to my policy page though! ?

    EDIT: CRAP! now its not working again, WTF? I hate code!


  • camocamo New
    edited October 2011
    Ok Im now using this

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^*$ [NC]
    RewriteCond %{HTTP_REFERER} !^$ [NC]
    RewriteCond %{HTTP_REFERER} !^*$ [NC]
    RewriteCond %{HTTP_REFERER} !^$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?facebook\.com [NC]
    RewriteRule \.(gif|jpg|jpeg|png)$ [NC,R,L]
    But Id really like to be abl;e to redirect if used in tags

    RewriteRule .*\.(gif|jpg|png|jpeg|bmp)$ [R,NC]

    also to include /forum & /classifieds

    My forum file is...

    RewriteEngine On
    # Certain hosts may require the following line.
    # If vanilla is in a subfolder then you need to specify it after the /.
    # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
    RewriteBase /forum
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]

    my classifieds file is

    ErrorDocument 404 /classifieds/content/404.php

    RewriteEngine on
    RewriteBase /classifieds
    RewriteRule ^([0-9]+)$ index.php?page=$1 [L]
    RewriteRule ^install/$ install/ [L]
    RewriteRule ^admin/$ admin/index.php [L]
    RewriteRule ^rss/$ content/feed-rss.php [L]
    RewriteRule ^manage/$ content/item-manage.php [L]
    RewriteRule ^publish-a-new-ad.htm content/item-new.php [L]
    RewriteRule ^contact.htm content/contact.php [L]
    RewriteRule ^terms.htm content/terms.php [L]
    RewriteRule ^privacy-policy.htm content/privacy.php [L]
    RewriteRule ^sitemap.htm content/site-map.php [L]
    RewriteRule ^advanced-search.htm content/search.php [L]
    RewriteRule ^map.htm content/map.php [L]
    RewriteRule ^register-new-account.htm content/account/register.php [L]
    RewriteRule ^login.htm content/account/login.php [L]
    RewriteRule ^logout.htm content/account/logout.php [L]
    RewriteRule ^forgot-my-password.htm content/account/recoverpassword.php [L]
    RewriteRule ^settings.htm content/account/settings.php [L]
    RewriteRule ^my-account/$ content/account/index.php [L]
    RewriteRule ^offer/(.+)/(.+)/$ index.php?category=$1&type=0&location=$2 [L]
    RewriteRule ^offer/(.+)$ index.php?category=$1&type=0 [L]
    RewriteRule ^need/(.+)/(.+)/$ index.php?category=$1&type=1&location=$2 [L]
    RewriteRule ^need/(.+)$ index.php?category=$1&type=1 [L]
    RewriteRule ^classifieds/(.+)/([0-9]+)$ index.php?location=$1&page=$2 [L]
    RewriteRule ^classifieds/(.+)/$ index.php?location=$1 [L]
    RewriteRule ^(.+)/(.+)/(.+)/$ index.php?category=$2&location=$3 [L]
    RewriteRule ^(.+)/(.+)/$ index.php?category=$2 [L]
    RewriteRule ^category/(.+) $1/ [R=301,L]
    RewriteRule ^(.+)/(.+)/(.+)/([0-9]+)$ index.php?category=$2&location=$3&page=$4 [L]
    RewriteRule ^(.+)/$ index.php?category=$1 [L]
    RewriteRule ^(.+)/(.+)/([0-9]+)$ index.php?category=$2&page=$3 [L]
    RewriteRule ^(.+)/([0-9]+)$ index.php?category=$1&page=$2 [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.+)/(.+)/(.+)/(.+)$ /$3/$4-$1.htm [R=301,L]
    RewriteRule ^(.+)/(.+)/(.+)-([0-9]+).htm$ item.php?category=$2&item=$4 [L]
    RewriteRule ^(.+)/(.+)-([0-9]+).htm$ item.php?category=$1&item=$3 [L]

    I DID TRY adding

    RewriteCond %{HTTP_REFERER} !^*$ [NC]
    RewriteCond %{HTTP_REFERER} !^$ [NC]
    RewriteCond %{HTTP_REFERER} !^*$ [NC]
    RewriteCond %{HTTP_REFERER} !^$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?facebook\.com [NC]
    RewriteRule \.(gif|jpg|jpeg|png)$ [NC,R,L]
    to both forum and classifieds but it did not work !
  • For some reason my code is not Protecting ALL images at

    onlu some. My front page images are protected, but not my gallery pics (which are just another page) ?? I dont understand this crap!
  • camocamo New
    edited October 2011
    Actually I just realised if I block empty referrers, then anyone using a proxy or behind a firewall etc may not be able to see pics on my site.

    Is a conditional rewrite rule possible? for example:

    If they do this..(anywhere but my domain)

    <img src=""/>;

    They get a specific image instead, BUT..

    If they do this....

    <a href=""/><a great pic</a>

    then when the link is clicked, it redirects to a specific page.

    Thats what Id like to do, possible?
  • camocamo New
    edited October 2011
    Heres an example of redirecting to a page thats supposed to work (atleast at the time of writing)

    Here’s how I do it. First, we slap that regex down on the incoming HTTP request to gauge whether it’s a hotlinked image.

    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !underscorebleach\.net [NC]
    RewriteCond %{HTTP_REFERER} !bloglines\.com [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteRule (.*) /view_image.shtml?/$1 [R,NC,L]
    Lines 2 through 6 allow hotlinking from my site, Bloglines, Google, and cached items. I also allow requests with a null HTTP_REFERER value to obtain the image; this occurs in the case of bookmarks, some proxies, some browser settings, some third-party privacy plugins, etc. If you try to get tricky and force users to have a referrer from your own domain, you’re likely to get yourself in trouble. Trust me.

    The last line redirects users to an SHTML page. Notice that I pass the value of the REQUEST_URI as a parameter in the URL to view_image.shtml. In the source, I then use a simple SSI directive to output the image.

    Could a redirect 403 permission denied (custom page) work?
    apache rewrite seems rather inflexable.
Sign In or Register to comment.