Web Hosting Talk

View Full Version : Disabling Hotlinking of Files


raqman
12-26-2001, 02:40 AM
It's eating my bandwidth, I've tried using the many .htaccess files around the web, but when I place one in my raq 4's root web dir for the desired site, and then try to access the site via my browser I get an access denied error. Is there any sort of configuration/installation I'm missing? I don't know if raq 4i's come standard with mod_rewrite, or perhaps I'm just misconfigured.

shortfork
12-26-2001, 02:56 AM
This is what I've used for one client site in an .htaccess file

SetEnvIfNoCase Referer "yourdomain.com" local_ref=1
<FilesMatch "\.(gif|jpg)$">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>

I think there is something that has to be done in one of the configuration files to get .htaccess files to work.. I had to add a line to a file that I can't remember the name of.. maybe.. access.conf (anyone?)

allow overide all

or something like that..

I could not get password protected folders to work until I did that, the above file *may* work without this but I doubt it.

Strange thing though.. I notice that on google.com/images, my client's images work.. Although if you copy the address of a given image and try to load it by the address bar, you get file denied message.. Not sure what google does to make it work but it seems to.

I know it works because I've seen images as red x's on message boards that were called from the site that did work at one time (before adding the above file) and the warez site that was using my client's box art to help them give away his product also had the red x thing where they used to have images..

Hope this helps..

Shortimagemongerness

NewonNet
12-26-2001, 04:03 AM
AllowOverride All ???

Probably should not use All

Security issue.

shortfork
12-26-2001, 05:29 AM
Originally posted by NewonNet
AllowOverride All ???

Probably should not use All

Security issue.

Actually, after much reading on the subject, I'm less sure of that being true than I was before I started.

There are two places (at least) where you can add/change that line.. one is near the top of the access.conf file, the other is towards the middle or bottom of the file, and deals exclusively with .htaccess files.

Changing the line where it deals with .htaccess, from what I can read, is not unsafe, changing it in the upper section *is* unsafe..

A read through the archives on google can net you a TON of contradictory information..

If it is unsafe, I'd like to know exactly what to put in there that would work (not break .htaccess) and be solid and secure..

Till then, for me to change it and not have the password protected folders work again (as with default RaQ4i settings) would be a disaster..

Shortness
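
A scoped alternative to "AllowOverride All" for the question above, as an added example that is not from any poster in this thread. The directory path is a placeholder; the three override classes are the ones the .htaccess files in this thread rely on.

```apache
# Added example for access.conf / httpd.conf.
# /home/sites/example/web is a placeholder for the site's web root.

# Server-wide default: ignore .htaccess files everywhere unless a
# narrower <Directory> block grants something back.
<Directory />
    AllowOverride None
</Directory>

# Per-site block: grant only the override classes actually needed.
<Directory "/home/sites/example/web">
    # AuthConfig : AuthType, AuthName, AuthUserFile, Require
    #              (password-protected folders)
    # Limit      : Order, Allow, Deny
    #              (the FilesMatch snippet posted above)
    # FileInfo   : SetEnvIf / SetEnvIfNoCase, RewriteEngine,
    #              RewriteCond, RewriteRule
    # Left out on purpose: Options and Indexes, so a .htaccess file
    # cannot switch on ExecCGI, Includes or directory listings.
    AllowOverride AuthConfig Limit FileInfo

    # mod_rewrite rules in .htaccess need FollowSymLinks or
    # SymLinksIfOwnerMatch enabled for the directory; with neither,
    # Apache answers the request with 403 Forbidden.
    Options +SymLinksIfOwnerMatch
</Directory>
```

A directive in .htaccess that falls outside the granted classes produces an Internal Server Error, and the error log names the directive.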

indyjon
12-26-2001, 09:20 PM
I use the following to prevent others from linking to gifs and jpegs... but you could use it for any file extension.

The RewriteCond line should have any domain/www.domain that you want to be able to link to your files. Obviously your own have to be in there.

The RewriteRule line tells Apache what file types this applies to... in my case it is for gif and jpg only... then it tells what to send to the requester of a hotlinked file. In this case I will serve the thief.gif file in place of all hotlink requests for jpg and gif files.

In my case I created a gif with my URL as the image and named it thief.gif. Now whenever anyone tries to link to my photos they will get a nice advertisement with my URL instead.

--------------------------------

RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !http://yourdomainname.com/
RewriteCond %{HTTP_REFERER} !http://www.yourdomainname.com/
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://yourdomainname.com/thief.gif

----------------------------------

--Jon

skylab
12-27-2001, 06:39 PM
oh my. that's excellent. thank you jon!

shortfork
12-28-2001, 03:01 AM
Originally posted by indyjon
--------------------------------

RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !http://yourdomainname.com/
RewriteCond %{HTTP_REFERER} !http://www.yourdomainname.com/
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://yourdomainname.com/thief.gif

----------------------------------

I like this!... now for a newbie type question.. is this the content of an .htaccess file or an addition to httpd.conf?

Shortness

indyjon
12-29-2001, 04:21 PM
that would go in a .htaccess file.....

EnigmaBiz
02-03-2002, 04:45 PM
Originally posted by indyjon

--------------------------------

RewriteEngine on
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} !http://yourdomainname.com/
RewriteCond %{HTTP_REFERER} !http://www.yourdomainname.com/
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://yourdomainname.com/thief.gif

----------------------------------

--Jon

That's good. Bummer for GOOGLE Image Search engine.. I use that a lot for pictures that I need for computer parts and etc...

There is a lot of that and people should check their logs a lot more.

The code is actually good. I thought of renaming the change the picture to show the domain is coming from but then you have to change your html code to point to the new image file. But the HTTP_REFERER is good :D

Pingu
02-03-2002, 05:04 PM
The code is actually good. I thought of renaming the change the picture to show the domain is coming from but then you have to change your html code to point to the new image file. But the HTTP_REFERER is good
I'm not quite sure what you mean, but I've linked the rewriterule to a minibanner with our sitename and logo on it. If people steal our bandwidth, we might as well put a little "advertising" on their pages. That's fair ;)

EnigmaBiz
02-03-2002, 05:13 PM
Originally posted by Pingu

I'm not quite sure what you mean, but I've linked the rewriterule to a minibanner with our sitename and logo on it. If people steal our bandwidth, we might as well put a little "advertising" on their pages. That's fair ;)

That's nice. I actually feel bad that I took some pictures off some sites and was too lazy to d/l and added to the code. While using miva, you can add products and directly use a http link or /path on site. I really didn't care about it because I was paid pennies for the site and, but if the guy finds out via logs he can do what you just said. :D

I'll do more research on .htaccess...

:eek: What to @#@... while typing this I get a popup with GATOR Corp to install some lame program... I heard of them... I need... to rebuild my system. Got very muddy and slow :D

Ectoman
02-03-2002, 09:34 PM
Won't this still take up bandwidth?

Pingu
02-03-2002, 09:45 PM
Yes, but I've got pictures up that are 100K+

But all hotlinkers see now is the mini-banner (about 3K).
That's quite a difference in bandwidth usage, and it shows the original site: our sitename and logo :)

iplexx
02-08-2002, 06:22 AM
I've got a customer who's opening pictures in a new browser window from a flash animation.

both versions of the thief protection don't recognize that it's a local referer; seems that (at least for ie) no HTTP_REFERER is set from within shockwave flash animations...

any ideas to go around this problem?

Whitesell
02-08-2002, 08:40 AM
Don't know what I'm doing wrong... I just tried this on a RaQ4 but all I got was "Internal Server Error" when I dropped the .htaccess file in the directory.

I use .htaccess elsewhere and it works to limit access to only specific users listed in an associated .htpasswd file.


??ideas??

Thanks,

Jim Whitesell

Floid
04-23-2002, 12:15 PM
I'm using this code and it works fine for me, but some users are complaining that the thief.gif is also displayed within my site. How can that be?

HPV
09-28-2002, 11:45 PM
Do I only need one htaccess file for the whole site... or do I have to put this in the images folder?

WreckRman2
03-17-2003, 01:17 PM
Rewriteengine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://your_domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.your_domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.trusted.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$ - [F]
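
A combined variant of the rules posted in this thread, as an added example that is not from any poster: it keeps the replacement-image idea, lets empty Referers through, anchors the host match and excludes the replacement image from the rule. example.com and /thief.gif are placeholders.

```apache
# Added example for the .htaccess file in the document root.
# example.com and /thief.gif are placeholders; adjust both.
# Referer is supplied by the client, so this limits casual embedding
# and saves bandwidth; it is not access control.
RewriteEngine On

# 1. Let requests with no Referer through. Proxies, firewalls and
#    some plugins strip the header, so treating "empty" as foreign
#    shows the replacement image to real visitors of the site.
RewriteCond %{HTTP_REFERER} !^$

# 2. Anchor the allowed hosts and escape the dots. An unanchored
#    pattern such as "yourdomainname.com" also matches a foreign URL
#    that merely carries that text in its path or query string.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(:[0-9]+)?(/|$) [NC]

# 3. Never rewrite the replacement image itself. It is a .gif too, so
#    without this condition the request for it matches the rule again.
RewriteCond %{REQUEST_URI} !^/thief\.gif$

# 4. Escaped dot, case-insensitive match, internal rewrite to the
#    small replacement image, then stop processing further rules.
RewriteRule \.(gif|jpe?g)$ /thief.gif [NC,L]
```

Each additional trusted or parked domain gets its own RewriteCond line in the form of step 2, placed before the RewriteRule.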

Speakerguy
05-22-2004, 01:22 AM
Originally posted by iplexx
I've got a customer who's opening pictures in a new browser window from a flash animation.

both versions of the thief protection don't recognize that it's a local referer; seems that (at least for ie) no HTTP_REFERER is set from within shockwave flash animations...

any ideas to go around this problem?

I'm having this exact same problem. Does anyone have any ideas (no answers were provided in the thread)?

Website Rob
05-22-2004, 02:01 AM
Originally posted by HPV
Do I only need one htaccess file for the whole site... or do I have to put this in the images folder?
The code posted by WreckRman2 would do you well and it would go in the .htaccess file located in Document Root -- same place your Home page is.

If you have Parked Domains you need to them in the code and if you have Sub-domains you need to put the code in the .htaccess file for the Sub-directory.

Speakerguy
05-22-2004, 06:19 AM
Originally posted by Website Rob
The code posted by WreckRman2 would do you well and it would go in the .htaccess file located in Document Root -- same place your Home page is.

If you have Parked Domains you need to them in the code and if you have Sub-domains you need to put the code in the .htaccess file for the Sub-directory.

No, unfortunately the .htaccess segment WreckRman posted would not do me good.

It works fine for mozilla users, but for some reason IE does not send HTTP_REFERER along with flash movies. Hence it always comes up as being null....Hence if I use

RewriteCond %{HTTP_REFERER} !^$

80% of my site's users (or however many people are using IE these days) will not be able to normally use its movies.

petermp
05-22-2004, 07:52 AM
Please have in mind that a lot of firewalls(!) and proxies block sending http_referer, and some browsers have an option to turn it off. From my experience I may say that hotlinking protection causes a lot of trouble.