XF 1.1 Stop people hotlinking attachments?

Member 3639

Is there any way to stop people hotlinking attachments on posts?

I was given this before;

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://gamingonlinux.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://gamingonlinux.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.gamingonlinux.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.gamingonlinux.com$ [NC]
RewriteCond %{QUERY_STRING} attachments/.*$
RewriteRule ^.*$ http://www.gamingonlinux.com/nohotlinking.jpg? [NC,L]

Which doesn't seem to work :(
 
This is the .htaccess I use to prevent hotlinking attachments from my forum. You will want to change mydomain to the domain name of your website.

This is the code I added:

Code:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{QUERY_STRING} !uniquekey=attachments/
RewriteRule ^.*$ http://www.google.com/images/srpr/logo4w.png? [NC,L]

The complete .htaccess file:

Code:
#   Mod_security can interfere with uploading of content such as attachments. If you
#   cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#   SecFilterEngine Off
#   SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
   RewriteEngine On

   RewriteCond %{HTTP_REFERER} !^$
   RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
   RewriteCond %{QUERY_STRING} !uniquekey=attachments/
   RewriteRule ^.*$ http://www.google.com/images/srpr/logo4w.png? [NC,L]

   #   If you are having problems with the rewrite rules, remove the "#" from the
   #   line that begins "RewriteBase" below. You will also have to change the path
   #   of the rewrite to reflect the path to your XenForo installation.
   #RewriteBase /xenforo

   #   This line may be needed to enable WebDAV editing with PHP as a CGI.
   #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

   RewriteCond %{REQUEST_FILENAME} -f [OR]
   RewriteCond %{REQUEST_FILENAME} -l [OR]
   RewriteCond %{REQUEST_FILENAME} -d
   RewriteRule ^.*$ - [NC,L]
   RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
   RewriteRule ^.*$ index.php [NC,L]
</IfModule>
 
This is more difficult than I imagined. Has anyone got this working with both attachments and other extensions?


Ex: (jpe?g?|gif|png|bmp|tiff?|pic|mp3|doc|xls)

Also, I saw in that guide they had it to where you can allow other domains like google and yahoo so that they'll only show in the search page.
 
Basically I need to combine:

Code:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{QUERY_STRING} !uniquekey=attachments/
RewriteRule ^.*$ http://www.google.com/images/srpr/logo4w.png? [NC,L]
and

http://xenforo.com/community/threads/ib-hotlinking-my-site.32917/page-3#post-376223

Anthony Parsons said:
Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]
 
Today I looked at my site at Google.com using this method:

site:mydomain.com

Every link indexed by Google of my site goes to the Google logo I have in my RewriteRule. So I removed the RewriteCond lines (all four of them) and now back to trying to figure out how to prevent hotlinking attachments.
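
Why the conditions posted earlier in the thread also catch visitors arriving from a search engine, as an added example that is not part of any post: the small evaluator below models only `RewriteCond` matching with `[NC]` and `[OR]`. The `SCOPED` variant, the assumption that XenForo sits at the site root, and the sample requests are all constructed here.

```python
import re

# The three conditions exactly as posted in the thread (its RewriteRule matches ^.*$).
POSTED = r"""
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{QUERY_STRING} !uniquekey=attachments/
"""
# Assumed scoped variant (not from the thread): only attachment URLs, XenForo at the site root.
SCOPED = r"""
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/|$) [NC]
RewriteCond %{REQUEST_URI} ^/attachments/ [NC,OR]
RewriteCond %{QUERY_STRING} ^attachments/ [NC]
"""
COND = re.compile(r"RewriteCond\s+%\{(\w+)\}\s+(!?)(\S+)(?:[ \t]+\[([^\]]*)\])?")

def parse(block):
    """Turn RewriteCond lines into (variable, negated, regex, or_next) tuples."""
    conds = []
    for var, neg, pat, flags in COND.findall(block):
        fl = {f.strip().upper() for f in flags.split(",") if f.strip()}
        conds.append((var, bool(neg), re.compile(pat, re.I if "NC" in fl else 0), "OR" in fl))
    return conds

def rule_fires(block, request):
    """True if every condition group holds, i.e. the RewriteRule would be applied."""
    group_ok = False
    for var, neg, rx, or_next in parse(block):
        group_ok |= (rx.search(request.get(var, "")) is not None) != neg
        if not or_next:          # end of an [OR] group: groups are ANDed together
            if not group_ok:
                return False
            group_ok = False
    return True

def req(referer, uri, query=""):
    return {"HTTP_REFERER": referer, "REQUEST_URI": uri, "QUERY_STRING": query}

# Constructed sample requests.
SAMPLES = {
    "search visitor, thread page": req("https://www.google.com/", "/threads/demo.42/"),
    "hotlinked attachment": req("http://other.example/t/1", "/attachments/shot-png.7/"),
    "hotlinked, index.php form": req("http://other.example/t/1", "/index.php", "attachments/shot-png.7/"),
    "own page, attachment": req("http://www.mydomain.com/threads/demo.42/", "/attachments/shot-png.7/"),
    "no Referer sent": req("", "/attachments/shot-png.7/"),
}

if __name__ == "__main__":
    for name, r in SAMPLES.items():
        print(f"{name:30} posted={rule_fires(POSTED, r)!s:5} scoped={rule_fires(SCOPED, r)}")
```

The Referer header is supplied by the client and the `!^$` condition deliberately lets requests without one through, so either rule set limits casual embedding rather than controlling access to attachments.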
 
How about this: http://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy/

Version 1) Complete Hotlink Protection
If you are looking for complete hotlink protection for your site and all subdomains, copy & paste the following code into your site’s root htaccess file:
Code:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain\. [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
To use the previous code, only one edit is required: change the term “domain” to match your domain. For example, if your domain name is http://www.website.com/, you would replace “domain” with “website”. Note that this code is set to protect the following file types: .jpg, .jpeg, .jpe, gif, and png. To protect additional files, such as those with the .ico format, simply add “|ico” after the “|png” in both the 6th and 8th lines.
 
I'm using this overkill rewrite but it works. I would like to get it working with a replacement image though.

Code:
       RewriteCond %{HTTP_REFERER} !^$
       RewriteCond %{REQUEST_FILENAME} -f
       RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png|bmp|tiff?|pic|mp3|doc|xls|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ [NC]
       RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?8thos\. [NC]
       RewriteRule \.(gif|jpe?g?|png|bmp|tiff?|pic|mp3|doc|xls|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ - [F,NC,L]
 