CUTCODEDOWN
Minimalist Semantic Markup

Welcome Guest
Please Login or Register

If you have registered but not recieved your activation e-mail in a reasonable amount of time, or have issues with using the registration form, please use our Contact Form for assistance. Include both your username and the e-mail you tried to register with.

Author Topic: Hotlink protection  (Read 287 times)

durangod

  • Sr. Member
  • ****
  • Posts: 364
  • Karma: +5/-0
  • Weebles Wobble - but they dont fall down!
Hotlink protection
« on: 8 Dec 2023, 04:41:29 am »
How is this example for hotlink protection? Good or bad..

if the image is hotlinked on another site and someone clicks on it, it will take them to a special page. 

Code: [Select]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www.)?my-website.com/.*$ [NC]
RewriteRule .(jpg|jpeg|gif|png|bmp)$ https://www.my-website.com/restricted.html [R,L]

Though i have not done or seen a bmp image in many many years..

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 1029
  • Karma: +188/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: Hotlink protection
« Reply #1 on: 8 Dec 2023, 09:21:51 pm »
Looks about right, though it's been a while since I did any httpd.conf and/or .htaccess coding.

And yeah, the BMP part is a bit of a laugh. I'd probably add .webp and avif to that.

Somewhat related I had issues when I switched to webp and avif when trying to set cache-control headers to tell pageSpeed and Lighthouse to shut the fark up. I had this:
Code: [Select]
<IfModule mod_headers.c>
<FilesMatch "\.(ico|jpg|jpeg|png|gif|swf|avi|wmv|mp4|ogg|js|css|webp|webm|avif)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
</IfModule>

Which wasn't working, because Apache doesn't have the mime-type associations on the newer formats by default. Thus I had to add this:

Code: [Select]
AddType image/webp .webp
AddType video/webm .webm
AddType image/avif .avif

Being extension driven it should have worked, but NO...

I mean I'd have understood if this went bits up without the addType stuff for something like mod_deflate (which I wouldn't set on already encoded/encrypted images), but ... well, that's the idiocy of mime-types for you.
We are all, we are all, we are all FRIENDS! For today we're all brothers, tonight we're all friends. Our moment of peace in a war that never ends.

durangod

  • Sr. Member
  • ****
  • Posts: 364
  • Karma: +5/-0
  • Weebles Wobble - but they dont fall down!
Re: Hotlink protection
« Reply #2 on: 9 Dec 2023, 11:56:23 pm »
Great ....

So here is what i did...

first here is the htaccess (replace example.com with your website url)

Code: [Select]
#stop hotlinking of images
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www.)?example.com/.*$ [NC]
RewriteRule .(jpg|jpeg|gif|png|webp|avif)$ https://www.example.com/restricted_image.html [R,L]




And the simple down and dirty html page called restricted_image.html

There is no external css file because its just a simple 1  page  easy html with nothing fancy.

Code: [Select]

<!DOCTYPE html>
<html lang="en">
<head>
   
<meta charset="utf-8">   

   <!-- favicon -->
  <link rel="shortcut icon" href="favicon.ico">

  <title>Restricted Image - Images Cannot Be Hotlinked</title>

<style type="text/css"> 

h4 {
    text-align: center;
}

.center {
    margin-left: auto;
    margin-right: auto;
    border: 0px;
}

.offwhite {
    background-color: #d4d4e1;
    color: #000000;
    padding: 0.65em;
    border-radius: 1.56em;
}

.nodots {
    list-style: none;
    max-width: 50em;
}

.generaltxt {
    font-size: 1em;
    display:flex;
}

</style>
 
</head>
<body>
 <br>
 <br>
 <ul class="nodots center">
  <li>
   <h4>HotLinked Image - Web Admin Please Remove The Referring Image From Your Website</h4>
  </li>
  <li>
    <div class="offwhite">
    <span class="generaltxt"> You are seeing this page because you clicked or viewed a hotlinked image on some website that was a restricted image.  Restricted images are those that  are not approved
    for display on other websites without permission.  The developer of the website for which you saw the image did NOT have permission to add OUR image.  They may have been doing what
    is called hotlinking.  This is when they use OUR images (without permission) to get extra clicks on their website. Again, if you are the developer of the referring website, please remove
    our image from your website as soon as possible.  We will contact your host if you ignore this request. Thank you and if this was an unintentional mistake on your part, we understand and
    apologize for this aggressive message. </span>
   </div>
  </li>
 </ul>
</body>
</html>


PS  now you could also do just an image rather than a html file.  Some people just force an image to be shown that says something like "HotLinked Restricted Image".  (some even use profanity in the image - i dont recommend that - it could get your site banned)   To use an image just change the html in the htaccess to the image url on your site, you dont have to even create a html file if you dont want to that way. 
« Last Edit: 10 Dec 2023, 12:24:10 am by durangod »

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 1029
  • Karma: +188/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: Hotlink protection
« Reply #3 on: 25 Dec 2023, 09:53:28 am »
What's with the presentational classes, DIV for nothing, LIST around something that's clearly NOT a list of SEPARATE items?
We are all, we are all, we are all FRIENDS! For today we're all brothers, tonight we're all friends. Our moment of peace in a war that never ends.

durangod

  • Sr. Member
  • ****
  • Posts: 364
  • Karma: +5/-0
  • Weebles Wobble - but they dont fall down!
Re: Hotlink protection
« Reply #4 on: 25 Dec 2023, 10:02:32 am »
Thats old....  after our discussion the other day about tags i fixed all that, its all good now  :)

 

SMF spam blocked by CleanTalk

Advertisement