Ultimate Hotlinking Protection

Ultimate Hotlinking Protection

Overview Updates (2) Reviews (2) Discussion
silence said:
I've never had too much success with such convertors but I'll test it out later :)
Click to expand...
If you want simple (without the image showing) then you can do this
Code: 
location ~* (\.jpg|\.png|\.css|\.gif)$ {
    valid_referers blocked yoursite.com wwwyoursite.com *.google.com *.bing.com *.yahoo.com;
    if ($invalid_referer)  {
        return 405;
    }
}

You can add any additional extensions you need in the (\.jpg|\.png|\.css|\.gif) area.
 
Last edited:
Jaxel said:
Is hotlink prevention even important anymore? Bandwidth is cheap as ****.
Click to expand...
Check this out: http://webmasters.stackexchange.com...king-what-is-it-and-why-shouldnt-people-do-it

I use MetaMirror http://xenforo.com/community/resources/metamirror.2117/

Any external linked image you add to 8thos as a [ I M G ] bb code that is under 2MB gets automatically converted into an attachment just in case the image we linked to is deleted from the other site, moved, has a limited bandwidth or their server goes offline. "Cross-site scripting and phishing attacks may include inline links to a legitimate site to gain the confidence of a victim." MetaMirror is more secure in the fact that images are no longer hotlinked to the site.

Another problem is copyright infringement issues. To prevent possible copyright infringement issues due to MetaMirror, I disabled images and videos are disabled in threads for Guests. This also helps with LinkRot: and this: http://en.wikipedia.org/wiki/Linkrot

By disabling mages and Video Links are hidden from Guests in threads, some guests may be encouraged to register. It also helps avoid some copyright infringement takedown requests since guests can't see and it isn't indexed in search engines. Because images and videos in threads can't be seen, hopefully this may encourage members to create public albums and include images and video in their blogs since images and video can be shown there.

Later I'll pay Borbole to make a Hide Images and Videos from guests by both a forum basis and usergroup basis but the basic addon will have to do for now.

From that first site I linked:

  1. Aside from costing the owner in bandwidth, by hotlinking their files you may be undermining their revenue source. Many websites may depend on revenue from advertisements, and the said advertisements are usually not placed in the files themselves, but in the html page where the files are linked to or displayed (e.g. a software developer may depend on revenue from ads on their download page, but not on ads in the actual software). By bypassing the html page, you could also bypass advertisements, and thus, deprive them of revenue.

  2. It is considered especially rude to hotlink images or other embedded assets without crediting the author (which many people do). Not only are you plagiarizing their content, you are also doing so in a way that (may) use their resources and deprive them of revenue.
 
Any summary here if I use apache and want just one or two sites NOT to be able to hotlink to my XF images? Most .htaccess examples don't work because of the lack of a file extension on the XF attachments.

Has anyone written out the rule based on the XF scheme?

11-jpg.5634/, etc.?
 
I tried some basic Regex at the root directory .htaccess, but it seemed to mess up the whole site. I suspect because all urls are rewritten to XF (that is, no actual /xf/attachments/ directory exists), that the rule will have to be placed elsewhere??

The Regex is something like this.....
Code: 
(/\w{4}/\w+/\w{3}\d+-\w{3}.\d+/) $ - [F]
 
craigiri said:
I tried some basic Regex at the root directory .htaccess, but it seemed to mess up the whole site. I suspect because all urls are rewritten to XF (that is, no actual /xf/attachments/ directory exists), that the rule will have to be placed elsewhere??

The Regex is something like this.....
Code: 
(/\w{4}/\w+/\w{3}\d+-\w{3}.\d+/) $ - [F]
Click to expand...

Did you ever get it working?

It's good with
Code: 
([0-9a-zA-Z])+-(png|jpg|jpeg|gif)[.]([0-9]+)

but brings issues with it with pretty URL's enabled.

edit: oops sorry, you use apache.
 
I include this in my running .htaccess like
Code: 
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.itdarasgah.com/$1 [R,L]

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
        #    Ultimate Hotlinking Protection Begun.
        RewriteEngine on
        RewriteCond %{HTTP_REFERER} !^$
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?itdarasgah.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
        RewriteRule \.(jpg|jpeg|png|gif|bmp|tiff|pic|mp3|doc|xls|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|swf|mov|zip|rar|exe)$ http://i41.tinypic.com/2wq73lx.jpg [NC,R,L]
        #    Ultimate Hotlinking Protection Ends.
</IfModule>
but looks like not working :)
 
You must log in or register to reply here.

Similar threads

D
Hotlinking Protection
Replies
1
Views
1K
Deleted member 745
D
Back
Top Bottom