Hotlink Protection Do Not Block Google, Bing or Yahoo

This topic contains 43 replies, has 7 voices, and was last updated by  AITpro Admin 2 weeks ago.

Viewing 15 posts - 1 through 15 (of 44 total)
  • #8502

    AITpro Admin
    Keymaster

    Hotlink protection, but do not block Google, Bing and Yahoo from retrieving images.

    1. Add this code and any other blocking or redirect custom .htaccess code to this Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here

    2. Click the Save Root Custom Code button.

    3. Go to the Security Modes page, click the Create secure.htaccess File AutoMagic button and activate root folder BulletProof Mode again.

    Replace the ait-pro.com domain with your actual domain name.  Replace the Server IP Address with your actual Server IP Address.

    SetEnvIfNoCase Referer "^(http|https)://www\.ait-pro\.com.*$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*google.*" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*yahoo.*" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*bing.*" whitelist
    
    <FilesMatch "\.(gif|jpg|jpeg|png|bmp)$">
    Order Allow,Deny
    Allow from env=whitelist
    # Add Your Server IP Address
    # Note: A Server IP address May be Required for 
    # everything to work depending on your Host Server
    Allow from 173.201.92.1
    </FilesMatch>

     

    #9808

    AITpro Admin
    Keymaster

    If you have an image or images that you do not want to allow HotLinking for these specific images (including Google, Yahoo and Bing) then this code will protect individual images from being HotLinked.  This code can be used together with the Google, Yahoo, Bing safe HotLink Protection code.

    Replace the ait-pro.com domain with your actual domain name.  Replace the Server IP Address with your actual Server IP Address.  Add your actual image file names in the FilesMatch section of code.

    # HotLink Protection for individual images
    # Keep .* after the domain: browsers send the Referer with a trailing slash or a full page path
    SetEnvIfNoCase Referer "^(http|https)://www\.ait-pro\.com.*$" whitelist-special
    
    <FilesMatch "(example-image-name-1\.png|example-image-name-2\.png|example-image-name-3\.png)$">
    Order Allow,Deny
    Allow from env=whitelist-special
    # Add Your Server IP Address
    Allow from 173.201.92.1
    </FilesMatch>
    #11095

    James
    Participant

    Thanks for this, very useful.  Could I just confirm a few details with regards to the correct code and formatting please? If I have a .com and .co.uk version of the same domain, is it better to use:

    SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.com$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.co.uk$" whitelist
    
    or maybe:
    
    SetEnvIfNoCase Referer "^(http|https)://.*mydomain.*" whitelist
    
    Also, for the server address white listing line, is the dollar sign at the end of the server address a wildcard term?  Do I understand correctly that I don't need to enter the full 3 digits of the last part of the server address, just the first digit followed by the $?  So if my server address is 123.123.123.123 then should the line read:
    
    SetEnvIf Server_Addr "^123\.123\.123\.1$" whitelist
    
    or
    
    SetEnvIf Server_Addr "^123\.123\.123\.123$" whitelist

    Many thanks, James

    • This reply was modified 2 months, 4 weeks ago by  AITpro Admin.
    #11097

    AITpro Admin
    Keymaster

    Yep, if both the .com and .co.uk websites are sharing image files then using Regular Expressions code .* match anything – works fine.  If the 2 websites are not sharing image files then this is not necessary to do.  If each website is only using/displaying image files on its own site then you would not need to create this type of rule with Regular Expressions code.

    SetEnvIfNoCase Referer "^(http|https)://.*mydomain.*" whitelist

    In this particular case/usage the caret ^ means the start of the condition/rule and the dollar sign $ means the end of the condition/rule.

    If you wanted to use Regular Expressions code to match any number from 0 to 9 with 1 to 3 characters in the 4th octet of the IP address, you would use the code below.  This is just an example and is not necessary because your Server/website IP address is static and will not change, unless of course you moved to another Server or Host.

    Note:  This was referring to older code that was actually a mistake and has now been changed and corrected above.

    SetEnvIf Server_Addr "^99\.88\.77\.[0-9]{1,3}$" whitelist
    #14921

    Young Master
    Participant

    Hello AITpro Admin,

    I am having problems using this hotlink protection code on my site. After testing this code on my site all the images disappeared on my site, including plugin images. Is there an alternative to this code?

    #14923

    AITpro Admin
    Keymaster

    This code should work fine on every single Host Server worldwide so double check that you changed the example domain name to your domain name and changed the IP address in the code and check that you did not make a typo/mistake.

    #15351

    silas88
    Participant

    Hi,

    I thought this code was working for me until I commented out my IP address. Then I found that images were being blocked so I’d recommend anyone who uses this to test either with another IP address or comment out the IP address until you know it’s working.

    I have been able to get this to partially work by changing the site Referer rule slightly…

    SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.com.*" whitelist

    I noticed that I had Referer strings in old test logs which often ended with a “mydomain.com/”. Unfortunately I can see in my cpanel log that some images in the root are still being blocked.

    [Sun Jun 01 02:17:30 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-196x196.png
    [Sun Jun 01 02:17:30 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-160x160.png
    [Sun Jun 01 02:17:29 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-96x96.png
    [Sun Jun 01 02:17:28 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-16x16.png
    [Sun Jun 01 02:17:28 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-32x32.png
    

    I think these errors may be due to legitimate requests which have a blank Referer string but I haven’t tested enough to say this for certain.

    • This reply was modified 2 months, 4 weeks ago by  AITpro Admin.
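A way to test the blank-Referer hypothesis from the post above, as an added example that is not part of the original thread: it sorts `client denied` lines for image files by whether Apache logged a `, referer:` suffix, which Apache 2.2 adds only when the request carried a Referer header. The sample log lines, IP addresses and the `mydomain.com` pattern are constructed placeholders.

```python
import re
from collections import Counter

# Apache 2.2-style denial line, as quoted in the post above. Apache appends
# ", referer: <url>" only when the request carried a Referer header.
DENIED = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"client denied by server configuration: (?P<path>.+?)"
    r"(?:, referer: (?P<referer>\S+))?$"
)
IMAGE = re.compile(r"\.(gif|jpg|jpeg|png|bmp)$", re.IGNORECASE)  # FilesMatch in the thread
OWN_SITE = re.compile(r"^(http|https)://www\.mydomain\.com.*", re.IGNORECASE)

# Constructed sample log (documentation IP addresses, made-up paths).
SAMPLE_LOG = """\
[Sun Jun 01 02:17:28 2014] [error] [client 203.0.113.7] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-32x32.png
[Sun Jun 01 02:17:28 2014] [error] [client 203.0.113.7] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-16x16.png
[Sun Jun 01 02:18:02 2014] [error] [client 203.0.113.9] client denied by server configuration: /home/user/public_html/mydomain.com/img/photo.jpg, referer: http://www.mydomain.com/
[Sun Jun 01 02:19:41 2014] [error] [client 198.51.100.4] client denied by server configuration: /home/user/public_html/mydomain.com/img/photo.jpg, referer: http://forum.example.net/thread/9
[Sun Jun 01 02:20:10 2014] [error] [client 198.51.100.4] client denied by server configuration: /home/user/public_html/mydomain.com/wp-config.php
[Sun Jun 01 02:21:55 2014] [error] [client 203.0.113.7] File does not exist: /home/user/public_html/mydomain.com/missing.png
"""


def triage(log_text):
    """Count denied image requests by the kind of Referer they carried."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if not m or not IMAGE.search(m["path"]):
            continue  # not a denial, or not a file type the rule covers
        referer = m["referer"]
        if referer is None:
            counts["no_referer"] += 1        # direct fetch: favicon, bookmark, stripped header
        elif OWN_SITE.search(referer):
            counts["own_site_referer"] += 1  # whitelist pattern is too strict
        else:
            counts["external_referer"] += 1  # hotlink blocked as intended
    return counts


if __name__ == "__main__":
    for bucket, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{bucket}: {n}")
```

Denials in the `own_site_referer` bucket point at the whitelist regex; denials in `no_referer` are requests the Referer whitelist can never admit, whatever the pattern.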
    #15353

    AITpro Admin
    Keymaster

    I thought this code was working for me until I commented out my IP address.

    Do you mean you commented out your Server’s IP address?  Your Server’s IP address must be included in the FilesMatch section of code in order to allow image retrieval.

    #15379

    silas88
    Participant

    Oops! I had specified my client IP address. Back to the drawing board for me! I’ll retest tomorrow with the server address.

    • This reply was modified 2 months, 4 weeks ago by  AITpro Admin.
    #15381

    AITpro Admin
    Keymaster

    Correction:   You do NOT need to whitelist your Server’s IP address – it is recommended, but not required.  Yes, you are correct that if your URLs have a trailing backslash and/or you have a subfolder site:  ait-pro.com/example-site/ then you would need to add .* after the root domain name.

    #15382

    silas88
    Participant

    I just retested this with my server IP address and it works perfectly. That will teach me to read the instructions more carefully!
    Thanks.

    • This reply was modified 2 months, 4 weeks ago by  AITpro Admin.
    #15385

    AITpro Admin
    Keymaster

    Your .* is why it is working since I was mistaken about the Server IP address.  I cannot remember why that is needed anymore, but there are cases where the Server’s IP address is needed for the code to work.  I have updated the HotLink Protection code to include the .* for the root domain and added that the Server’s IP address is optional/not required.
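The `$` versus `.*` question and the .com/.co.uk question raised earlier in this thread, worked through as an added example that is not part of the original posts: each Referer pattern quoted in the thread is run against constructed Referer values the way `SetEnvIfNoCase` evaluates it. The `host_anchored` pattern and all sample Referer values are assumptions added for comparison.

```python
import re

# Referer patterns quoted in the thread. SetEnvIfNoCase does a case-insensitive,
# unanchored regex search, so only ^ and $ pin the match to the string ends.
PATTERNS = {
    "dollar_only": r"^(http|https)://www\.mydomain\.com$",
    "domain_dotstar": r"^(http|https)://www\.mydomain\.com.*",
    "loose_dotstar": r"^(http|https)://.*mydomain.*",
    # Assumption, not from the thread: match the host only, for .com and .co.uk.
    "host_anchored": r"^https?://(www\.)?mydomain\.(com|co\.uk)(/|$)",
}

# Constructed Referer values; the empty string stands for a request sent without one.
REFERERS = [
    "http://www.mydomain.com",
    "http://www.mydomain.com/",
    "https://www.mydomain.com/blog/post-1/",
    "http://www.mydomain.co.uk/gallery/",
    "http://www.mydomain.com.example.net/page",
    "http://example.org/?ref=mydomain",
    "",
]


def whitelisted(pattern, referer):
    """True if SetEnvIfNoCase with this pattern would set the whitelist variable."""
    return re.search(pattern, referer, re.IGNORECASE) is not None


def matrix():
    """Map each pattern name to its per-Referer results, in REFERERS order."""
    return {name: [whitelisted(p, r) for r in REFERERS]
            for name, p in PATTERNS.items()}


if __name__ == "__main__":
    results = matrix()
    for i, referer in enumerate(REFERERS):
        row = "  ".join(f"{name}={'Y' if results[name][i] else '-'}" for name in PATTERNS)
        print(f"{referer or '(no Referer)':45} {row}")
```

A request with no Referer matches none of the patterns, so under `Order Allow,Deny` it is denied unless an `Allow from` IP line admits the client.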

    #15386

    silas88
    Participant

    It was only after adding the Server IP address (in addition to the “.*” ) that I was able to get this working without any errors from images located in my domain root – see the errors in my post above related to favicons in my root “mydomain/”
    Thanks.

    • This reply was modified 2 months, 4 weeks ago by  AITpro Admin.
    #15390

    AITpro Admin
    Keymaster

    Ok then your Server is one of the cases where the Server IP address is required.  I have updated the code and added a note for this.
    # Note: A Server IP address May be Required for
    # everything to work depending on your Host Server

    • This reply was modified 2 months, 4 weeks ago by  AITpro Admin.
    #15410

    silas88
    Participant

    I thought this was all fixed but I just noticed that I have crawl errors reported in Google Webmaster Tools for an image (.svg) file. I cannot access the link to the image directly either but in the webpage it looks fine. I am puzzled!  Any idea what might be going on?
    Thanks.

    • This reply was modified 2 months, 4 weeks ago by  AITpro Admin.