Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   Programming & Scripting (http://www.greenguysboard.com/board/forumdisplay.php?f=15)
-   -   special anty hotlink (http://www.greenguysboard.com/board/showthread.php?t=10038)

benek 2004-08-10 10:10 AM
special anty hotlink
 
hi

i need such antyhotlink that from other domain hotlink will impossible but from my own domain will possible?

do you know how to do this?

Anothers 2004-08-10 11:23 PM
it's easy with htaccess

Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://cgi.(aol\.)?ebay\.com [NC]
RewriteCond %{HTTP_REFERER} !^(wy[sc]iwyg://[0-9]*/)?http(s)?://YOUR_SITE_IP [NC]
RewriteCond %{HTTP_REFERER} !^(wy[sc]iwyg://[0-9]*/)?http(s)?://YOUR_SITE_DOMAIN [NC]
RewriteCond %{HTTP_REFERER} !^(wy[sc]iwyg://[0-9]*/)?http(s)?://OTHER_SITE_DOMAIN [NC]
RewriteRule \.(bmp|gif|jpe?g)$ - [F,L]
where
YOUR_SITE_IP = your server ip 123.123.123.123
YOUR_SITE_DOMAIN = www.my_cool_domain.com

OTHER_SITE_DOMAIN - other domain that you allow hotlink

dgraf 2004-08-11 08:18 AM
All the rules are trickable as they are shown here and almost everywhere on the web. Always terminate the condition line by something like this --

Code:
        (/|\?|$)
Example --

Code:
RewriteCond %{HTTP_REFERER} !^(wy[sc]iwyg://[0-9]*/)?http(s)?://YOUR_SITE_IP(/|\?|$) [NC]
Otherwise the referer can by tricked by passing referer like this one -
http://www.yourdomain.com.my-evil-hotlinkingdomain.com

It is not a problem to setup a vhost which will fit your regexp needs and this mistake is the worse since it is highly predictable.

Another good idea should be allowing access to pictures from image searches and probably from local stored pages too.

Code:
# Allow Saved Pages
RewriteCond    %{HTTP_REFERER} !^file://.*$                                    [NC]

# Search Engines
RewriteCond    %{HTTP_REFERER} !^http://([^/]*\.)?google\.(.{2}\.)?.{2,3}/.*$  [NC]
RewriteCond    %{HTTP_REFERER} !^http://([^/]*\.)?yahoo\.(.){2,3}/.*$          [NC]
RewriteCond    %{HTTP_REFERER} !^http://216\.239\.59\.104/.*$                  [NC]
RewriteCond    %{HTTP_REFERER} !^http://64\.233\.161\.104/.*$                  [NC]
RewriteCond    %{HTTP_REFERER} !^http://66\.102\.7\.104/.*$                    [NC]
RewriteCond    %{HTTP_REFERER} !^http://64\.233\.167\.104/.*$                  [NC]
RewriteCond    %{HTTP_REFERER} !^http://216\.239\.41\.104/.*$                  [NC]
RewriteCond    %{HTTP_REFERER} !^http://216\.239\.39\.104/.*$                  [NC]
(just example without editing)

Oh my god I did it! My first post here ...

(edited to add the code tags)

Anothers 2004-08-11 07:40 PM
yeap

dgraf is right about that ("always terminate the condition line")

EDITED:
it can be easy tricked with vhosts when there is no termination


All times are GMT -4. The time now is 08:50 PM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc