Ultimate Hotlinking Protection

[DRE]

DRE submitted a new resource:

Ultimate HotLink Protection - Use this generator to create a .htaccess file for hotlink protection of your images and pictures.

Hotlink protection can save you lots of bandwidth by preventing other sites from displaying your images.

Use this site to generate htaccess apache rewrite rules for hotlink protection: http://www.htaccesstools.com/hotlink-protection/

Read more about this resource...

 

[silence]

No love for NginX?

 

[DRE]

I'm using nginx.

As reverse proxy.

 

[silence]

I'm using nginx.

As reverse proxy.

I mean a NginX rewrite to prevent hotlinking?

 

[DRE]

DRE updated Ultimate Hotlinking Protection with a new update entry:

htaccess to nginx converter

htaccess to nginx converter added to resource.

Read the rest of this update entry...

 

[silence]

DRE updated Ultimate Hotlinking Protection with a new update entry:

htaccess to nginx converter



Read the rest of this update entry...

I've never had too much success with such convertors but I'll test it out later

 

[DRE]

DRE updated Ultimate Hotlinking Protection with a new update entry:

Hide Images and Video BB Code From Guests

Link to borbole's Hide Images from guest resource included since it's not already in the Resource Manager.

Read the rest of this update entry...

 

[Mike Edge]

Shouldn't you at least given credit to @Mick West who told you about this http://xenforo.com/community/threads/stop-people-hotlinking-attachments.35111/#post-634091 shortly before you released it as your guide?

 

[DRE]

Shouldn't you at least given credit to @Mick West who told you about this http://xenforo.com/community/threads/stop-people-hotlinking-attachments.35111/#post-634091 shortly before you released it as your guide?

Nope!

 

[TPerry]

I've never had too much success with such convertors but I'll test it out later

If you want simple (without the image showing) then you can do this

location ~* (\.jpg|\.png|\.css|\.gif)$ {
    valid_referers blocked yoursite.com wwwyoursite.com *.google.com *.bing.com *.yahoo.com;
    if ($invalid_referer)  {
        return 405;
    }
}

You can add any additional extensions you need in the (\.jpg|\.png|\.css|\.gif) area.

 

[Jaxel]

Is hotlink prevention even important anymore? Bandwidth is cheap as ****.

 

[DRE]

Is hotlink prevention even important anymore? Bandwidth is cheap as ****.

Check this out: http://webmasters.stackexchange.com...king-what-is-it-and-why-shouldnt-people-do-it

I use MetaMirror http://xenforo.com/community/resources/metamirror.2117/

Any external linked image you add to 8thos as a [ I M G ] bb code that is under 2MB gets automatically converted into an attachment just in case the image we linked to is deleted from the other site, moved, has a limited bandwidth or their server goes offline. "Cross-site scripting and phishing attacks may include inline links to a legitimate site to gain the confidence of a victim." MetaMirror is more secure in the fact that images are no longer hotlinked to the site.

Another problem is copyright infringement issues. To prevent possible copyright infringement issues due to MetaMirror, I disabled images and videos are disabled in threads for Guests. This also helps with LinkRot: and this: http://en.wikipedia.org/wiki/Linkrot

By disabling mages and Video Links are hidden from Guests in threads, some guests may be encouraged to register. It also helps avoid some copyright infringement takedown requests since guests can't see and it isn't indexed in search engines. Because images and videos in threads can't be seen, hopefully this may encourage members to create public albums and include images and video in their blogs since images and video can be shown there.

Later I'll pay Borbole to make a Hide Images and Videos from guests by both a forum basis and usergroup basis but the basic addon will have to do for now.

From that first site I linked:

1. Aside from costing the owner in bandwidth, by hotlinking their files you may be undermining their revenue source. Many websites may depend on revenue from advertisements, and the said advertisements are usually not placed in the files themselves, but in the html page where the files are linked to or displayed (e.g. a software developer may depend on revenue from ads on their download page, but not on ads in the actual software). By bypassing the html page, you could also bypass advertisements, and thus, deprive them of revenue.
   
   
2. It is considered especially rude to hotlink images or other embedded assets without crediting the author (which many people do). Not only are you plagiarizing their content, you are also doing so in a way that (may) use their resources and deprive them of revenue.
   

 

[craigiri]

Any summary here if I use apache and want just one or two sites NOT to be able to hotlink to my XF images? Most .htaccess examples don't work because of the lack of a file extension on the XF attachments.

Has anyone written out the rule based on the XF scheme?

11-jpg.5634/, etc.?

 

[craigiri]

I tried some basic Regex at the root directory .htaccess, but it seemed to mess up the whole site. I suspect because all urls are rewritten to XF (that is, no actual /xf/attachments/ directory exists), that the rule will have to be placed elsewhere??

The Regex is something like this.....

(/\w{4}/\w+/\w{3}\d+-\w{3}.\d+/) $ - [F]

 

[D.O.A.]

I tried some basic Regex at the root directory .htaccess, but it seemed to mess up the whole site. I suspect because all urls are rewritten to XF (that is, no actual /xf/attachments/ directory exists), that the rule will have to be placed elsewhere??

The Regex is something like this.....

(/\w{4}/\w+/\w{3}\d+-\w{3}.\d+/) $ - [F]

Did you ever get it working?

It's good with

([0-9a-zA-Z])+-(png|jpg|jpeg|gif)[.]([0-9]+)

but brings issues with it with pretty URL's enabled.

edit: oops sorry, you use apache.

 

[Mian Shahid]

I include this in my running .htaccess like

<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.itdarasgah.com/$1 [R,L]

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
        #    Ultimate Hotlinking Protection Begun.
        RewriteEngine on
        RewriteCond %{HTTP_REFERER} !^$
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?itdarasgah.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
        RewriteRule \.(jpg|jpeg|png|gif|bmp|tiff|pic|mp3|doc|xls|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|swf|mov|zip|rar|exe)$ http://i41.tinypic.com/2wq73lx.jpg [NC,R,L]
        #    Ultimate Hotlinking Protection Ends.
</IfModule>

but looks like not working