
DrSoft Blog

sharing thoughts, ideas...


Prevent hotlinking with htaccess

The why


I don't know about you, but I get really annoyed when someone steals my entire design with a simple copy and paste into Dreamweaver or something similar. I don't think there is a day when we don't receive requests from various URLs which illegally host our design. I understand if you get inspired but please, be wise enough and hit "Save page as" from your browser. This process is called "leeching", and not only does it represent theft, it also loads your bandwidth and your server's resources.

The how


The good thing is that there's a solution you may have heard of. It's called ".htaccess hotlinking prevention" and it stops the server from responding to requests that originate from anywhere other than your domain. The server decides this from the Referer header that the browser sends with each request. You must create a .htaccess file and put it at the root level of your server or inside the folder you wish to protect (the .htaccess file affects the folder where it is located and every folder beneath it). The code you must add inside the .htaccess file is very simple:

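RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/.*)?$ [NC]


RewriteEngine on turns the mod_rewrite engine on; the following two lines tell the server which referers are allowed to request your files. The first condition lets requests with an empty Referer through (browsers and proxies that do not send the header, or people who open the file directly). The second lets your own domain through; the pattern is anchored at the end so that a look-alike host such as mydomain.com.example.net does not pass, and https? covers both schemes. Because the Referer is supplied by the client, treat this as a way to discourage leechers and save bandwidth, not as access control. To add more domains, it is enough to repeat the third line:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/.*)?$ [NC]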


Selecting the extensions to protect


OK, so we have the conditions ready. Next, we have to list the file extensions we wish to protect with our .htaccess file. For this, we add a final rule to our code:

RewriteRule .*\.(gif|jpe?g|png|bmp)$ - [F,NC]


The extensions go inside the parentheses, separated by a pipe. Don't be scared by jpe?g and don't try to edit it thinking that the question mark slipped in by mistake. It's there to tell the server that the rule is valid for both jpeg and jpg files. The $ (dollar) sign at the end of the rule tells the server to look for files that end with the specified extension. For example, without it, the server might block a 'somefile.jpg.exe' file, which is outside your rule because it is an exe. The dash in place of a target means the URL is not rewritten and only the flags apply. F means that the file is not allowed to be displayed (Forbidden, a 403 response) unless the request comes from the list of allowed domains, and NC means No Case (jpg and JPG are treated as the same).
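To check what the rule set actually lets through, here is a small Python model of it run over constructed requests. It is an added example, not part of the original post: the function names and the other.example referers are made up for the illustration, and it compares a host pattern ending in (/)?.*$ with one ending in (/.*)?$.

```python
import re

# Referer patterns as mod_rewrite would test them ([NC] = case-insensitive).
LOOSE = re.compile(r"^http://(www\.)?mydomain.com(/)?.*$", re.I)
ANCHORED = re.compile(r"^https?://(www\.)?mydomain\.com(/.*)?$", re.I)
# RewriteRule pattern: only paths that end in a protected extension.
PROTECTED = re.compile(r".*\.(gif|jpe?g|png|bmp)$", re.I)


def is_forbidden(path, referer, allowed):
    """Return True when the rule set would answer 403 for this request."""
    if not PROTECTED.search(path):
        return False  # RewriteRule pattern does not match, nothing happens
    if referer == "":
        return False  # RewriteCond %{HTTP_REFERER} !^$ is not satisfied
    # Every allowed-domain condition is negated; all must hold to block.
    return not any(p.search(referer) for p in allowed)


# Constructed sample requests: (path relative to the .htaccess, Referer)
SAMPLES = [
    ("img/logo.png", "http://www.mydomain.com/index.html"),  # own page
    ("img/logo.png", ""),                                    # no Referer
    ("img/logo.JPG", "http://other.example/page.html"),      # foreign site
    ("img/logo.png", "http://mydomain.com.other.example/"),  # look-alike host
    ("files/somefile.jpg.exe", "http://other.example/"),     # not protected
]


def report(allowed):
    """403 decision for each sample, given a list of allowed patterns."""
    return [is_forbidden(p, r, allowed) for p, r in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, report([LOOSE]), report([ANCHORED]))
    for (path, ref), loose, strict in rows:
        print(f"{path:24} {ref or '(empty)':38} "
              f"loose_403={loose} anchored_403={strict}")
```

Only the look-alike host is treated differently by the two patterns: the loose one serves the image, the anchored one answers 403.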

So what next?


Well, nothing, unless you're really mad at this leecher. If so, you might replace the requested/forbidden file with another one and send it no matter what the request is about. I'm sure you have lots of ideas for the ideal image to make fun of the poor bastard.

RewriteRule \.(gif|jpe?g|png|bmp)$ /images/my_big_black_dingdong.gif [L,NC]


Good luck!

© 2008 drSoft Ltd. All rights reserved.