  #1  
Old 09-25-2011, 04:02 PM
squishi squishi is offline
 
Join Date: May 2006
Location: Frankfurt
Posts: 282
Disallow attachment hotlinking (htaccess)

Another forum has hotlinked an attachment image of my forum.
Here are my htaccess rules. They don't work.
Quote:
#hotlinking rules
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?subdomain\.mydomain\.com [NC]
RewriteRule \.([Gg][Ii][Ff]|[Jj][Pp][Gg]|flv|swf)$ http://mydomain.com/nohotlinking.jpeg [NC,R,L]

#attachments
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule attachment\.php\?attachmentid=\d+(\&d\=\d+)?$ http://mydomain.com/nohotlinking.jpeg [NC,R,L]

The attachment image is still loading on the other site.

Could it be that no referer is sent if an attachment image is embedded on a site as an image?
But the second check does not allow an empty referer. So either way, the hotlinking image should be shown instead of the attachment...
  #2  
Old 09-28-2011, 05:30 AM
souperman souperman is offline
 
Join Date: Mar 2011
Posts: 131

I'm not much of a mod_rewrite person, but could it be that they're not using www?
  #3  
Old 09-28-2011, 07:44 PM
Frosty Frosty is offline
 
Join Date: Apr 2011
Posts: 166

I'm looking for a solution as well. Tried .htaccess myself, and tried a plugin and hacked attachment.php file from vB.org - none worked. I host video files, so it would suck if someone starts hotlinking them, lol.
  #4  
Old 09-29-2011, 04:46 AM
souperman souperman is offline
 
Join Date: Mar 2011
Posts: 131

You need to add *

PHP Code:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
  #5  
Old 09-29-2011, 05:19 AM
Frosty Frosty is offline
 
Join Date: Apr 2011
Posts: 166

Thanks for trying to help, but no change. I can still hotlink my attachments...
  #6  
Old 09-29-2011, 07:16 AM
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776

Here is what I use and it works fine for me.

Code:
# Hotlink Protection - images
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png|mp3|pdf|psd)$ /forums/images/nohotlinking.jpg [L]

# Hotlink Protection - attachments
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteRule .*attachment\.php*$ http://www.yoursite.com/forums/images/nohotlinking.jpg [L,R,NC]
  #7  
Old 09-30-2011, 10:17 AM
Frosty Frosty is offline
 
Join Date: Apr 2011
Posts: 166

Doesn't work either... Maybe it works for you because you use some sort of SEO mod or vB4, where attachments end with their own extension and not with the php extension, or you don't allow guests to view attachments. Anyhow, I've pretty much checked every thread on vB.com/vB.org related to attachment hotlinking, and none of the .htaccess snippets, plugins and file hacks are working.
  #8  
Old 09-30-2011, 10:41 AM
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776

No SEO stuff. But I don't allow guests to view attachments. Never saw any reason to. I even have it set up where I allow hot-linking from one specific directory and no others.
  #9  
Old 09-30-2011, 11:28 AM
Frosty Frosty is offline
 
Join Date: Apr 2011
Posts: 166

Well yeah, I do want my guests to be able to view attachments as I host pictures and videos - so having them enabled for guests on my site isn't a problem - as I don't want anyone to sign up because of a few pictures, or one video. But I don't want anyone eating up my bandwidth by linking longer videos to their sites either.
  #10  
Old 09-30-2011, 04:33 PM
squishi squishi is offline
 
Join Date: May 2006
Location: Frankfurt
Posts: 282

Quote:
Originally Posted by Boofo
Here is what I use and it works fine for me.

Code:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteRule .*attachment\.php*$ http://www.yoursite.com/forums/images/nohotlinking.jpg [L,R,NC]

Cool. That worked for me! Thank you very much, Boofo!

Some questions/comments about your solution:
You match "(.+\.)?". Any referer that will end with ".yoursite.com/" can still hotlink your images. So it's probably better to use "(www\.)?", unless you also want to allow subdomains.

Just a theoretical question: Is the dollar sign in the match pattern really needed? Because once the "*" is reached, it will match all the following characters. But I guess you need to tell the pattern where to start the search...

I don't know why my solution did not work. Maybe it was the pattern, maybe it was the NC,R,L...
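An added example (not code from any poster in this thread) that replays the thread's patterns in Python to show why the attachment rule from post #1 never fired and which referers each allowlist pattern accepts. It assumes Apache's documented behaviour that a RewriteRule pattern is tested against the URL path only, never the query string; the request URL and referer values are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the thread; [NC] is modelled with re.IGNORECASE.
RULE_ORIGINAL = r"attachment\.php\?attachmentid=\d+(\&d\=\d+)?$"  # post #1
RULE_WORKING = r".*attachment\.php*$"                              # post #6
REFERER_WIDE = r"^http://(.+\.)?yoursite\.com/"                    # post #6
REFERER_STRICT = r"^http://(www\.)?yoursite\.com/"                 # post #10 suggestion


def rule_matches(pattern, url):
    # Assumption (Apache docs): RewriteRule sees the path without the
    # query string, and in .htaccess without the leading slash.
    path = urlsplit(url).path.lstrip("/")
    return re.search(pattern, path, re.IGNORECASE) is not None


def referer_allowed(pattern, referer):
    # Models the two RewriteCond lines: an empty referer passes ("!^$"),
    # otherwise the referer has to match the allowlist pattern.
    if referer == "":
        return True
    return re.search(pattern, referer, re.IGNORECASE) is not None


# Constructed samples, not taken from the thread.
REQUEST = "http://yoursite.com/attachment.php?attachmentid=123&d=456"
REFERERS = [
    "",                                             # no referer sent
    "http://www.yoursite.com/showthread.php?t=1",   # own forum page
    "http://sub.yoursite.com/page",                 # subdomain
    "http://other.example/x.yoursite.com/",         # foreign host, crafted path
    "https://www.yoursite.com/showthread.php?t=1",  # own page over HTTPS
]


def report():
    rules = {"original": rule_matches(RULE_ORIGINAL, REQUEST),
             "working": rule_matches(RULE_WORKING, REQUEST)}
    table = {r: (referer_allowed(REFERER_WIDE, r),
                 referer_allowed(REFERER_STRICT, r)) for r in REFERERS}
    return rules, table


if __name__ == "__main__":
    rules, table = report()
    print("rule fires on attachment request:", rules)
    for ref, (wide, strict) in table.items():
        print(f"{ref!r:48} wide={wide} strict={strict}")
```

In Apache itself, a query-string test belongs in a `RewriteCond %{QUERY_STRING}` line rather than in the RewriteRule pattern. Both referer patterns begin with `^http://`, so pages served over HTTPS are not recognised as the site's own.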