1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Stop people hotlinking attachments?

Discussion in 'XenForo Questions and Support' started by Member 3639, Aug 16, 2012.

  1. Member 3639

    Member 3639 Active Member

    Is there any way to stop people hotlinking attachments on posts?

    I was given this before;

    Which doesn't seem to work :(
     
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Try this:

    Code:
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?gamingonlinux\.com [NC]
    RewriteCond %{QUERY_STRING} (^|\?)attachments/
    RewriteRule ^.*$ http://www.gamingonlinux.com/nohotlinking.jpg? [NC,L]
    
     
    aiman.h.kallaf likes this.
  3. Member 3639

    Member 3639 Active Member

    Nope that doesn't work either.
     
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I can take a look if you give me FTP access.
     
    aiman.h.kallaf likes this.
  5. ArnyVee

    ArnyVee Well-Known Member

    Please post the results in the event that you find a solution :)
     
  6. Mouth

    Mouth Well-Known Member

    Puntocom likes this.
  7. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

  8. Member 3639

    Member 3639 Active Member

    What would you need the access for just to get the htaccess file?
     
  9. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    So I can put everything in context, and test and debug everything myself. Might be conflicting rules, lack of server support, other htaccess files overriding your rules, etc.
     
    aiman.h.kallaf likes this.
  10. Member 3639

    Member 3639 Active Member

    Have sent you a PM.
     
    aiman.h.kallaf likes this.
  11. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Turned out to be a simple problem. You added the new rules to the bottom of the .htaccess file which is too late in the execution. I had to move them up a bit:

    Code:
    #	Mod_security can interfere with uploading of content such as attachments. If you
    #	cannot attach files, remove the "#" from the lines below.
    #<IfModule mod_security.c>
    #	SecFilterEngine Off
    #	SecFilterScanPOST Off
    #</IfModule>
    
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default
    
    <IfModule mod_rewrite.c>
    	RewriteEngine On
    
    MOVED TO HERE
    
    	#	If you are having problems with the rewrite rules, remove the "#" from the
    	#	line that begins "RewriteBase" below. You will also have to change the path
    	#	of the rewrite to reflect the path to your XenForo installation.
    	#RewriteBase /xenforo
    
    	RewriteCond %{REQUEST_FILENAME} -f [OR]
    	RewriteCond %{REQUEST_FILENAME} -l [OR]
    	RewriteCond %{REQUEST_FILENAME} -d
    	RewriteRule ^.*$ - [NC,L]
    	RewriteRule ^(data|js|styles|install) - [NC,L]
    	RewriteRule ^.*$ index.php [NC,L]
    </IfModule>
    
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?gamingonlinux\.com [NC]
    RewriteCond %{QUERY_STRING} (^|\?)attachments/
    RewriteRule ^.*$ http://www.gamingonlinux.com/nohotlinking.jpg? [NC,L]
    
    It appears to work now.
     
    Allan and aiman.h.kallaf like this.
  12. DaKat

    DaKat Well-Known Member

    Wow. Is there anything Jake can't fix? (y)
     
    wickedstangs and DRE like this.
  13. DRE

    DRE Well-Known Member

    Would this also work through subdomains? I have Better Blogs that use the multiple domains feature.

    So say if my blog url is http://ethos.8thos.com would those rewrites also include attachments in my blog or is that another addon we have to add.
     
  14. DRE

    DRE Well-Known Member

    Also how do you do that without the www.
     
  15. Mick West

    Mick West Well-Known Member

    The example given works with or without the www the question mark at the end of (www\.)? means it's optional.

    You could make it work across all subdomains and protocols like:

    Code:
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^.*gamingonlinux\.com [NC]
    RewriteCond %{QUERY_STRING} (^|\?)attachments/
    RewriteRule ^.*$ http://www.gamingonlinux.com/nohotlinking.jpg? [NC,L]
    
     
    DRE likes this.
  16. Mick West

    Mick West Well-Known Member

    DRE likes this.
  17. DRE

    DRE Well-Known Member

    I read that it's better to use a replacement image not hosted by the server.

    So just replace that url with this? http://i39.tinypic.com/302pabd.jpg

    Code:
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^.*8thos\.com [NC]
    RewriteCond %{QUERY_STRING} (^|\?)attachments/
    RewriteRule ^.*$ http://i39.tinypic.com/302pabd.jpg? [NC,L]
    
     
  18. Mick West

    Mick West Well-Known Member

    Yeah, saves bandwidth. If that's a concern. I beleive you'd need the R paramters though, like
    Code:
    RewriteRule ^.*$ http://i39.tinypic.com/302pabd.jpg? [R,NC,L]
    Another trick is to prevent hotlinking based on the image extension, but use a local ".jpe" image, like:
    Code:
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/redirectimage.jpe [NC,L]
    There's always a variety of ways of doing things. Here's a detailed overview:
    http://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy/
     
  19. DRE

    DRE Well-Known Member

    I added this one!
     
  20. DRE

    DRE Well-Known Member

    This isn't working for some reason. I can still see one of my attachments in another thread on another site.

    For instance, my afro should not be showing, it should the image in that tinypic I posted.

    Code:
    http://data.8thos.com/data/attachment-files/2013/09/48450_image.jpg
    [​IMG]
     

Share This Page