Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
spasticdonkey
RavenNuke(tm) Development Team


Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

PostPosted: Mon May 07, 2007 6:24 pm Reply with quote

Well I have setup hotlink protection in .htaccess and it works, but there was one feature I couldnt quite get working. I am trying to substitute an image of my choosing, when someone hotlinks to one of mine

Code:
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteRule .*\.(gif|jpg|mp3|css|js)$ http://www.mysite.com/angryman.gif [R,NC]


Is hotlink protection itself blocking the display of the image? Or have I made a mistake in there somewhere?

Just to warn others, one mistake I made at first was not including the address without the www too. Since my site works either way, I was blocking images from my own site Sad
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Mon May 07, 2007 7:31 pm Reply with quote

this should be enough i think..

RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_URI} !/info/ [NC]
RewriteRule \.(png|gif|jpe?g)$ Only registered users can see links on this board! Get registered or login! [NC,R,L]

the folder info is where to put abuse image...
keep any used image small,prefered a few hundred bytes.
 
View user's profile Send private message
spasticdonkey
PostPosted: Thu May 10, 2007 1:57 pm Reply with quote

thanks I'll give it a try. Still recovering from a total pc meltdown so might be a bit. I also wanted to block
js flv css wmv mp3 files but assume I would do so on another line, like so?
Code:


RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_URI} !/info/ [NC]
RewriteRule \.(png|gif|jpe?g)$ http://www.yoursite\.com/info/abuse.png [NC,R,L]
RewriteRule \.(js|css|flv|wmv|mp3)$ [NC,R,L]


i assume you were breaking the code with the "?" (jpe?g) any other breaks? Also does doing it this way remove the need to list the allowed domains by both Only registered users can see links on this board! Get registered or login! and yoursite.com ?

also, does this work if you draw the replacement image from another server/domain?

thanks Smile


Last edited by spasticdonkey on Thu May 10, 2007 2:10 pm; edited 1 time in total 
hitwalker
PostPosted: Thu May 10, 2007 2:00 pm Reply with quote

no...the code is like you see it...
long time ago i had to experiment a bit to realy get it working like i wanted..
but you expand it as you like..
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Fri May 11, 2007 6:40 am Reply with quote

Quote:

i assume you were breaking the code with the "?" (jpe?g) any other breaks


I am not taking over the thread... Wink I just want to explain the above a bit (you cannot take the teacher out of me...):

The "e?", actually, is basically allowing this to match on both "jpg", without the "e" notice, and also "jpeg". That's all.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©