Anti-hotlink files question- please help!

Thirteen · 2006-01-28 21:32:38

My site deals with a ton of hotlinking issues all the time, so I usually resort to using htaccess to prevent any kind of hotlinking. It works fine, except I just noticed one major problem. Hotlinking is disabled when the file is linked directly via the file name so that’s all great- but it doesn’t work at all when someone is hotlinking by using the file download link generated by txp, meaning the “http://url.com/file_download/12” link.

I guess it’s being read as though it’s coming directly from my site? I’m not sure, but does anyone know a fix around this? Is there another way to prevent people from hotlinking both through the direct url and the generated url? This is really important as my bandwidth gets used up like crazy if I can’t disable it.

Please help! :( I don’t know if I’ve just been asking bad questions, but I haven’t been able to get any response in just about most threads I’ve started. I really try to figure things out on my own…but this one is fairly serious for me. Please, anyone have any ideas?

els · 2006-01-28 22:33:03

I don’t know if I’ve just been asking bad questions, but I haven’t been able to get any response in just about most threads I’ve started.

I’m sorry I can’t help you with this one, but I don’t think your other questions were ‘bad’ ones (well, I just found two of them), you just had some bad luck I think that they were not noticed by people who could answer them. I think you could bump the one about the file categories, if a question doesn’t get answered, you might add a post asking if supplementary information is required. (I’m sorry I can’t answer that one either…)

zem · 2006-01-29 01:45:39

it doesn’t work at all when someone is hotlinking by using the file download link generated by txp, meaning the “http://url.com/file_download/12” link.

What doesn’t work, precisely?

Thirteen · 2006-01-29 07:05:19

zem: Anti-hotlinking doesn’t work- meaning anyone can directly link to the downloads via the URL that TXP generates (i.e. “http://url.com/file_download/12”), and the file is then downloadable anywhere. Hotlinking is only disabled for the exact direct link to the file when accessed directly. I hope I’m making sense. Let me try to explain it another way- for example, if there’s a file called “brushes.zip” sitting inside the files directory of my site and I have hotlinking disabled via htaccess for everything inside my files directory:

Using this link: “http://myurl.com/files/brushes.zip” – accessing this file only works when the link is clicked on anywhere on my site. If the link is displayed on any other site, they get an error and my anti-hotlinking image.

Using this link: “http://myurl.com/file_downlad/12” – this is the link that txp generates…and accessing the file anywhere and on any site works completely…which means anti-hotlinking isn’t working. That’s bad because anyone can still direct link to my files if they use this url, which is more likely as that’s the one that’s being displayed on my site.

I hope that’s clearer. Any ideas on what I can do?

> doggiez wrote:

> bq. I’m sorry I can’t help you with this one, but I don’t think your other questions were ‘bad’ ones (well, I just found two of them), you just had some bad luck I think that they were not noticed by people who could answer them. I think you could bump the one about the file categories, if a question doesn’t get answered, you might add a post asking if supplementary information is required. (I’m sorry I can’t answer that one either…)

Thanks a lot for referring to them at all. I just felt like maybe everyone was so familiar with textpattern that they get annoyed with newbie questions like mine, so I’m reluctant to bump threads or questions. I tend to notice other questions gets answered or replied to…so I figured mine was probably especially bad that it gets ignored so then bumping it would only annoy others eveen more. I was just getting a little frustrated at having all these problems, and having to really refrain myself from asking on this forum. Alas, I had to ask about the hotlinking one because it’s probably one thing that I absolutely cannot compromise about and “ignore the problem for now” kind of thing.

zem · 2006-01-29 12:21:43

I should be more specific: what .htaccess magic are you using for your anti-hotlinking protection?

Thirteen · 2006-01-29 12:44:47

Ah okay…I’m using something like this to disable hotlinking to images and files:

<code>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myurl.net(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|png|psd|zip|sit|hqx|mp3|mpeg|avi)$ http://myurl.net/images/nohotlink.gif [R,NC]
</code>

Last edited by Thirteen (2006-01-29 12:45:05)

zem · 2006-01-29 22:45:23

Seems to me that your htaccess rules are doing exactly what they’re supposed to: blocking access to URLs than end in one of the listed extensions.

You’ll need to add an extra rule blocking access to the /file_download directory.

Thirteen · 2006-01-29 23:02:14

I thought of that as well, so I had tried to search for a rule to block access to the directory. I’m a bit at a loss of how to do that because most tutorials I’ve come across about directory blocking just states that the htaccess file should be dropped into the said directory. That creates a problem because there is no such “actual” directory folder for me to drop it into. I’m sorry to bother you again…but might you know how to add this said rule or know of a site that gives a tutorial on this? I’m having no luck searching for it so far…

By the way, thank you so much for helping me out with this- I really appreciate it!

zem · 2006-01-29 23:09:49

Probably something like RewriteRule ^file_download http://myurl.net/images/nohotlink.gif [R,NC]. You’ll need to experiment, server configurations vary. See the mod_rewrite manual for details.

Thirteen · 2006-01-30 18:24:08

Thanks zem, I’ve tried what you gave me…and spent the last 24 hours experimenting and referring to the manual. Nothing worked. I finally contacted my host’s support on the off-chance that they could help me. I ended up getting this answer:

“For it to work, you would have to adjust your downloads to use the direct links, or adjust the script.”

Does that mean that with the way textpattern is set up…I’m pretty much doomed to allowing people to hotlink to my files? Or was my host’s support being dumb and misinformed me? If I can’t disable hotlinking, I might have to give textpattern up totally…which is something I really really don’t want to do. Argh, frustration! :(

Last edited by Thirteen (2006-01-30 18:25:31)

apo · 2006-02-04 19:50:51

I am also trying to solve this for my site, but it didnt work yet. Any new ideas or complete rules?

btw: Is this possible by editing the htaccess if the urls are generated from within txp and not by the .htaccess file itself? or isnt it that way and i misunderstand smth?

csandberg · 2006-04-13 12:45:02

Any luck yet? I have the same problem, and I can’t imagine that this could be so hard to implement if I just knew how .htaccess and regular expressions worked. :(

Textpattern CMS

Textpattern CMS support forum

#1 2006-01-28 21:32:38

Anti-hotlink files question- please help!

#2 2006-01-28 22:33:03

Re: Anti-hotlink files question- please help!

#3 2006-01-29 01:45:39

Re: Anti-hotlink files question- please help!

#4 2006-01-29 07:05:19

Re: Anti-hotlink files question- please help!

#5 2006-01-29 12:21:43

Re: Anti-hotlink files question- please help!

#6 2006-01-29 12:44:47

Re: Anti-hotlink files question- please help!

#7 2006-01-29 22:45:23

Re: Anti-hotlink files question- please help!

#8 2006-01-29 23:02:14

Re: Anti-hotlink files question- please help!

#9 2006-01-29 23:09:49

Re: Anti-hotlink files question- please help!

#10 2006-01-30 18:24:08

Re: Anti-hotlink files question- please help!

#11 2006-02-04 19:50:51

Re: Anti-hotlink files question- please help!

#12 2006-04-13 12:45:02

Re: Anti-hotlink files question- please help!

Board footer