I have seen the thread which was here a couple of days ago,about how to stop the hot linking to gif/jpg files on a raq,and it was great.
However i also have SWF files on my site,and i wanted to know if there is any way to stop anyone from hotlinking to those files?

Thanks!

Ehud

I can't imagine it would be much different. Post the link to the post por favor.

Yas, just the same thing, i think, (sorry ;), only change the extension...

or you could use some java script?

didnt seem to work,here is what i tried:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://jokefrog.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.jokefrog.com/.*$ [NC] RewriteRule .*\(gif|GIF|jpg|JPG|swf|SWF)$ http://www.jokefrog.com/bad.jpg [R]

Am i doing something wrong?

Ehud

Originally posted by ehudal
didnt seem to work,here is what i tried:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://jokefrog.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.jokefrog.com/.*$ [NC] RewriteRule .*\(gif|GIF|jpg|JPG|swf|SWF)$ http://www.jokefrog.com/bad.jpg [R]

Am i doing something wrong?

Ehud



Remember, that even though this works, it won't stop people that don't show a referrer and some files you might not want to allow without one. Anyway, change it to this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://jokefrog.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.jokefrog.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG|swf|SWF)$ http://www.jokefrog.com/bad.jpg [R]


Note the difference between:

RewriteRule .*\(gif|GIF|jpg|JPG|swf|SWF)$

And:

RewriteRule .*\.(gif|GIF|jpg|JPG|swf|SWF)$

Also, it might be better to expressly deny all and then allow only certain extensions, so you can have better control, by expressly allowing things one by one, since there's likely going to be a smaller list of things you will allow from no referral or imporper referrals, than the reverse of that.

Thanks,but i just tried your soultion,and it doesnt seem to work:(
check this out:
http://www.freemoneyworld.com/l.html
the SWF file is hosted on jokefrog.com/pictures/
and this is where i uploaded the .htacsses file that you described.

Again,am i doing something wrong here?

Thanks ,

Ehud

Originally posted by ehudal
Thanks,but i just tried your soultion,and it doesnt seem to work:(
check this out:
http://www.freemoneyworld.com/l.html
the SWF file is hosted on jokefrog.com/pictures/
and this is where i uploaded the .htacsses file that you described.

Again,am i doing something wrong here?

Thanks ,

Ehud

You didn't literally name the file ".htacsses", did you? If so, that's your problem. If that was a typo, then perhaps you can give a little more detail? Is mod_rewrite enabled for that dir/path? Or the site in general? That ought to work... I'm not sure what's wrong otherwise, it's hard to guess.

Nope,that was a typo;)

>>Is mod_rewrite enabled for that dir/path? Or the site in general? That ought to >>
Have no idea what that meant,im really newbie to servers;)
I do know,however that it does work for gif/jpg files,but for SWF files for some reasons it does not.

Ehud

can you do this sort of protection on a shared account?

Im running on a dedciated server.(raq3 from 4webspace)

Ehud

Bump...

Anyone?

Ehud

Originally posted by ehudal
Bump...

Anyone?

Ehud

Sorry, but that ought to work with what you and I posted. You say it works with image files, what is different from that? With the information I have, I'm not sure what else to suggest? Maybe I'm missing something?

Perhaps embedding an image or other file doesn't actually have a referrer? Perhaps this is your problem? I was helping someone out previously, where we'd deny all files, other than .htm, .html, .shtml, .php, etc. and deny everything else unless there was a valid referrer, but people were still embedding midi files into their WebTV emails to each other, which didn't carry the referrer. As you can see, The rewrite rules check that there's a referrer, before they check against it, or it could deny browsers that don't have any, or any file before it checks what files there are that are supposed to be invalid or valid file types, because it'll autmatically fail anyway. Which is why is does the test of !^$ first.

So, perhaps you can just specifically not put in a rule to check for a referrer field at all, for some of the file type's, since anyone with a browser that will support .swf files, will certainly carry the referrer field. And I mean, yes, check the referrer, but not to see if there's a referrer existing, because that will fail on the inital check and not get to where it checks against valid addresses and checks the file type's, since it'll all come back as no referrer field, so it'll allow it all, no matter what. That's to make sure browsers that don't have referrer's aren't denied from viewing anything, but now it allows them to view everything.

So, to deny everything that doesn't have a referrer for only specific files that should definitely have one to view said file, is what we did to the midi file problem to completely secure the site from remote calling, etc. No one will be viewing .swf files, unless they have a browser that will carry this field. So, just, and specifically for those files only, deny any linking unless it's expressly and specifically calling to a file by the valid referrer. This way, you can fully protect them, while protecting linking or calls to the other files, which as images, etc. This ought to solve the problem.

Keep in mind though, it's not difficult to trick the referrer field, but most people don't know how to do this. If that's a major problem still, there's still other solutions that will work great, but will require some knowledge and effort, although not too much. Of course, I don't get the feeling people are linking to lots of files on your site that are that intent on continuing to link to them. try that and see if it works, it should, unless there's something wrong with how the web server and mod_rewrite is set up or how it allows certain directives to not function properly... but it seems it works fine with the images blocking, so try that suggestion.

[Edited by Tim_Greer on 03-24-2001 at 09:49 PM]