vb.org Archive - Disallow attachment hotlinking (htaccess)

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)

- - Disallow attachment hotlinking (htaccess) (https://vborg.vbsupport.ru/showthread.php?t=270893)

squishi

09-25-2011 04:02 PM

Disallow attachment hotlinking (htaccess)

Another forum has hotlinked an attachment image of my forum.
Here are my htaccess rules. They don't work.

Quote:

#hotlinking rules
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?subdomain\.mydomain\.com [NC]
RewriteRule \.([Gg][Ii][Ff]|[Jj][Pp][Gg]|flv|swf)$ http://mydomain.com/nohotlinking.jpeg [NC,R,L]

#attachments
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule attachment\.php\?attachmentid=\d+(\&d\=\d+)?$ http://mydomain.com/nohotlinking.jpeg [NC,R,L]

The attachment image is still loading on the other site.

Could it be that no referer is sent if an attachment image is embedded on a site as an image?
But the second check does not allow an empty referer. So either way, the hotlinking image should be shown instead of the attachment...

souperman

09-28-2011 05:30 AM

I'm not much of a mod_rewrite person, but could it be that they're not using www?

Frosty

09-28-2011 07:44 PM

I'm looking for a solution as well. Tried .htaccess myself, and tried a plugin and hacked attachment.php file from vB.org - none worked. I host video files, so it would suck if someone starts hotlinking them, lol.

souperman

09-29-2011 04:46 AM

You need to add *

PHP Code:


		
			
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com/.*$ [NC]

Frosty

09-29-2011 05:19 AM

Thanks for trying to help, but no change. I can still hotlink my attachments...

Boofo

09-29-2011 07:16 AM

Here is what I use and it works fine for me.

Code:

# Hotlink Protection - images

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]

RewriteRule .*\.(jpe?g|gif|bmp|png|mp3|pdf|psd)$ /forums/images/nohotlinking.jpg [L]



# Hotlink Protection - attachments

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]

RewriteRule .*attachment\.php*$ http://www.yoursite.com/forums/images/nohotlinking.jpg [L,R,NC]

Frosty

09-30-2011 10:17 AM

Doesn't work either... It maybe works for you because you use some sort of a SEO mod or vB4, where attachments end with their own extension, and not with php extension, or you don't allow viewing of attachments to guests. Anyhow, I've pretty much checked every thread on vB.com/vB.org related to attachment hotlinking, and none of the .htaccess snippets, plugins and file hacks aren't working.

Boofo

09-30-2011 10:41 AM

No SEO stuff. But I don't allow guests to view attachments. never saw any reason to. I even have it set up where I allow hot-linking from one specific directory and no others.

Frosty

09-30-2011 11:28 AM

Well yeah, I do want my guests to be able to view attachments as I host pictures and videos - so having them enabled for guests on my site isn't a problem - as I don't want anyone to sign up because of few pictures, or one video. But I don't want anyone eating up my bandwidth by linking longer videos to their sites either.

squishi

09-30-2011 04:33 PM

Quote:

Originally Posted by Boofo (Post 2251160)

Here is what I use and it works fine for me.

Code:

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]

RewriteRule .*attachment\.php*$ http://www.yoursite.com/forums/images/nohotlinking.jpg [L,R,NC]

Cool. That worked for me! Thank you very much, Boofo!

Some questions/comments about your solution:
You match "(.+\.)?". Any referer that will end with ".yoursite.com/" can still hotlink your images. So it's probably better to use "(www\.)?", unless you also want to allow subdomains.

Just a theoretical question: Is the dollar sign in the match pattern really needed? Because once the "*" is reached, it will match all the following characters. But I guess you need to tell the pattern where to start the search...

I don't know why my solution did not work. Maybe it was the pattern, maybe it was the NC,R,L... :rolleyes:

Boofo

10-01-2011 04:34 AM

Quote:

Originally Posted by squishi (Post 2251678)

Yes, that will match your site link with the www or without. As far as the pattern goes, my idea on that is, if it works, does it really matter? ;) To be honest, I don't understand all the regex stuff yet. I am still learning.

All times are GMT. The time now is 05:49 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01074 seconds Memory Usage 1,740KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (1)bbcode_php_printable (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (11)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: