vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Attachment.php hotlinking (https://vborg.vbsupport.ru/showthread.php?t=76085)

GlitterKill 02-10-2005 02:37 PM
Attachment.php hotlinking
 
How can I keep people from hotlinking to attachments? I already stop hotlinks for images. I cannot simply add php to the set since it will prevent people from linking to our article which are php as well.

Any ideas how to keep attachment.php specifically from being hotlinking from outside the domain?

I figured it out... here is the code I used in .htaccess to prevent hotlinking for attachment.php and avatar.php

Code:
<FilesMatch "attachment\.php">
        ErrorDocument 403 http://mydomain.com/sorry.gif
        SetEnvIf Referer "^http://www\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://pimprig\.com" good_referal
        SetEnvIf Referer "^http://forums\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://gallery\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://links\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://reviews\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://guides\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://systems\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://articles\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://news\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://team\.pimprig\.com" good_referal
        SetEnvIf Referer "^$" good_referal

        Order Deny,Allow
        Deny from all
        Allow from env=good_referal
</FilesMatch>
<FilesMatch "avatar\.php">
        ErrorDocument 403 http://mydomain.com/sorry.gif
        SetEnvIf Referer "^http://www\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://pimprig\.com" good_referal
        SetEnvIf Referer "^http://forums\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://gallery\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://links\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://reviews\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://guides\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://systems\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://articles\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://news\.pimprig\.com" good_referal
        SetEnvIf Referer "^http://team\.pimprig\.com" good_referal
        SetEnvIf Referer "^$" good_referal

        Order Deny,Allow
        Deny from all
        Allow from env=good_referal
</FilesMatch>

shiva 02-10-2005 11:00 PM
Looks interesting, but a little confused. how would this affect the existing htaccess, could you just add this with the other code? Other question is I'm pretty new to this type of code, and I don't use subdomains, so would my code be instead of this:

Code:
SetEnvIf Referer "^http://forums\.pimprig\.com" good_referal
it would be this? :

Code:
SetEnvIf Referer "^http://www\.pimprig\.com\.forums" good_referal
SetEnvIf Referer "^http://pimprig\.com\.forums" good_referal

noppid 02-10-2005 11:04 PM
Maybe just turn off attachments for guests?

Zachery 02-10-2005 11:26 PM
Quote:
Originally Posted by noppid
Maybe just turn off attachments for guests?
Send them a HUGE 1600x1600 clear gif file (about 2.83k ;)) :)

noppid 02-11-2005 12:05 AM
Quote:
Originally Posted by Zachery
Send them a HUGE 1600x1600 clear gif file (about 2.83k ;)) :)
Very creative.

Zachery 02-11-2005 12:24 AM
Quote:
Originally Posted by noppid
Very creative.
I can't be all good now can i >D

GlitterKill 02-11-2005 02:29 PM
It should work fine with yoru other .htaccess code. Just add this at the bottom.

If you dont haev subdomains just delete the lines you dont need and change "pimprig" to your own subdomain. :)

T3MEDIA 02-11-2005 03:58 PM
is this placed in the root or in the forum folder where the php files are? This is onething I was never sure on.

GlitterKill 02-12-2005 11:35 AM
YOu can place it in the root web folder or the forums folder. :) Try it one way then test to make sure it's working. :)

clearchannel 02-25-2005 10:43 PM
Would someone be so kind as to point out where I would place the code above. This is what my current htaccess looks like:

Code:
Options ExecCGI FollowSymLinks Includes
DirectoryIndex index.php index.htm index.html
AddHandler cgi-script .cgi
AddType application/x-httpd-cgi .cgi

<Limit GET>
order allow,deny
allow from all

deny from xxx.xxx.xx.x
deny from xxx.xxx.xx.xx

[/limit]
Thanks in advance.


All times are GMT. The time now is 06:07 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00988 seconds
  • Memory Usage 1,737KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_code_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete