Announcement

Collapse
No announcement yet.

How do i protect from hotlinking my attachment files?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do i protect from hotlinking my attachment files?

    Hello

    How do I protect my attachments so other sites won't hotlink them hard?

    The problem is that other sites started hotlinking my attachment.php files (which as we all know actually open attachments) and this causes me problems..

    My friend suggested me to fix that by the following .htaccess code:

    [start of .htaccess code]

    AddHandler server-parsed .html
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http://
    RewriteCond %{HTTP_REFERER} !^http://www.urlhere.net [NC]
    RewriteCond %{HTTP_REFERER} !^http://urlhere.net [NC]
    RewriteRule .*\.(gif|GIF|jpg|JPG)$ http://www.urlhere.net/ [L,R]
    RewriteCond %{HTTP_REFERER} !^http://www.urlhere.net [NC]
    RewriteCond %{HTTP_REFERER} !^http://urlhere.net [NC]
    RewriteRule .*attachment\.php*.$ http://www.urlhere.net/ [L,R]

    ErrorDocument 401 /
    ErrorDocument 403 http://www.urlhere.net/
    ErrorDocument 404 http://www.urlhere.net/
    ErrorDocument 500 http://www.urlhere.net/

    order allow,deny
    allow from all

    [end of .htaccess code]

    But then the problem is that people started complaining that they don't see pictures (attachments) on my site, just [x] images

    Another big problem is that when i click on "upload attachment" button it redirects me, because the link starts with newattachment.php, so it is also getting somehow "protected" i.e. redirected to main URL.....

    Please suggest me a solution.
    thanks

  • #2
    Code:
    <Files attachment.php>
    Options +FollowSymlinks 
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomainname.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourserversip(/)?.*$ [NC]  
    RewriteRule attachment.php               [F]
    </Files>
    http://www.virtualinfusion.net
    An Anime and Manga discussion forum.

    Comment


    • #3
      thank you, seems like it works

      Comment


      • #4
        You can also prohibit guests from viewing attachments, that way no other site can hotlink your pictures and you don't have to use the .htaccess rules.

        Comment


        • #5
          did it work ??

          Comment


          • #6
            Morparx - could you please post step by step where that code goes

            yeah another noob

            Thanks
            Rick Grunwald
            http://grunwalds.com
            XP home SP2, Celeron 2gb, 2GB RAM, Zone Alarm Security Suite

            Comment


            • #7
              Why don't you just prevent guests from viewing your attachments?

              Comment


              • #8
                I have garphics that I would like viewed in the threads and don't want them appearing as "attachments" as such
                I post some jigsaw puzzles with a small thumbnail - if I turn off viewing they won't see the picture but rather a link - please correct me if I'm wrong
                Thanks
                Last edited by Rick Grunwald; Tue 5 Apr '05, 6:22pm.
                Rick Grunwald
                http://grunwalds.com
                XP home SP2, Celeron 2gb, 2GB RAM, Zone Alarm Security Suite

                Comment


                • #9
                  Originally posted by Rick Grunwald
                  Morparx - could you please post step by step where that code goes

                  yeah another noob

                  Thanks
                  create an .htaccess file if you dont have one already (if you are on a windows machine you will probably have to name it htaccess.txt & then rename it to .htaccess once uploaded) then paste the code into that file and edit in your domain/ip info.

                  after you save it simply upload it to the folder in which your forum resides and you will be all set
                  http://www.virtualinfusion.net
                  An Anime and Manga discussion forum.

                  Comment


                  • #10
                    You said:

                    But then the problem is that people started complaining that they don't see pictures (attachments) on my site, just [x] images
                    using the .htaccess file - That is what I am trying to avoid

                    However I was just thinking (over my first cup of coffee in the am and not yet awake) I keep the attached files and thumbnails above the public root folder.Hy host uses cpanel and allows one to shut off hot linking on a per folder basis.

                    I just don't want the graphic thumbnails to not be viewable as pics. If you have a second check out the forums at the domain in my sig. "Games and Puzzles" shows the format I want to preserve

                    Thanks
                    Last edited by Rick Grunwald; Sat 23 Apr '05, 7:29am.
                    Rick Grunwald
                    http://grunwalds.com
                    XP home SP2, Celeron 2gb, 2GB RAM, Zone Alarm Security Suite

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...
                    X