Hotlink Protection Do Not Block Google, Bing or Yahoo

  • #8502
    AITpro Admin
    Keymaster

    Hotlink Protection: Will not block Google, Bing and Yahoo from retrieving images from your website.

    1. Add the Hotlink Protection code to this BPS Root Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
    2. Click the Save Root Custom Code button.
    3. BPS Pro 11.9+ & BPS .53.8+: Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.
    3. Older BPS versions: Go to the Security Modes page, click the Create secure.htaccess File AutoMagic button, select the Activate Root Folder BulletProof Mode Radio button and click the Activate|Deactivate button.

    Note:  LiteSpeed servers do not support the Apache SetEnv directive.  If you have a LiteSpeed server this code will not work on your website and you will need to use the Dumbed Down Hotlink Protection code.

    # Hotlink Protection: google, bing, yahoo safe
    # Replace the ait-pro.com domain name with your website domain name 
    SetEnvIfNoCase Referer "^(http|https)://.*\.ait-pro\.com$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*\.google\.com$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*\.yahoo\.com$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*\.bing\.com$" whitelist
    
    <FilesMatch "\.(gif|jpg|jpeg|png|bmp)$">
    Order Allow,Deny
    Allow from env=whitelist
    </FilesMatch>

    Dumbed Down Hotlink Protection code
    This code is dumbed down to work on LiteSpeed servers and all other servers.  Will not block Google, Bing and Yahoo from retrieving images from your website.

    # Hotlink Protection code Dumbed Down to work on all servers:
    # Regex ? character & SetEnv directive do not work on some servers
    # Forbid empty Referer & all other domains from hotlinking to images
    # Except for your domain, google, yahoo or bing domains
    # Replace the ait-pro.com domain name with your website domain name
    RewriteCond %{HTTP_REFERER} !^($|(http|https):\/\/.*(ait-pro\.com|google\.com|yahoo\.com|bing\.com)) [NC]
    RewriteCond %{REQUEST_URI} ^.*\.(jpeg|jpg|gif|bmp|png)$ [NC]
    RewriteRule ^(.*)$ - [F]

    Troubleshooting possible causes for Hotlink Protection code not working on your website:
    • Incorrect domain name used in code.
    • LiteSpeed servers do not support the Apache SetEnv directive – use the Dumbed Down Hotlink Protection code.
    • BPS Custom Code steps were not done or done completely.
    • External service like Cloudflare or a CDN caching content externally/offsite.
    • Local cache, caching plugin or Browser cache.
    • SSL or Proxy configuration issue/problem.

    Additional Notes:  Some servers do not process the Regex question mark character ? due to server security or other configuration settings. For that reason the Regex ? character has not been used in any of the code above and “or” conditions using the Pipe Operator | have been used instead since this Regex character is allowed on all servers. The ? Regex character matches 0 or 1 of the preceding token, effectively making it optional.

    #9808
    AITpro Admin
    Keymaster

    If you have an image or images that you do not want to allow HotLinking for these specific images (including Google, Yahoo and Bing) then this code will protect individual images from being HotLinked.  This code can be used together with the Google, Yahoo, Bing safe HotLink Protection code.

    Replace the ait-pro.com domain with your actual domain name.  Replace the Server IP Address with your actual Server IP Address.  Add your actual image file names in the FilesMatch section of code.

    # HotLink Protection for individual images
    SetEnvIfNoCase Referer "^(http|https)://www\.ait-pro\.com$" whitelist-special
    
    <FilesMatch "(example-image-name-1\.png|example-image-name-2\.png|example-image-name-3\.png)$">
    Order Allow,Deny
    Allow from env=whitelist-special
    # Add Your Server IP Address
    Allow from 173.201.92.1
    </FilesMatch>

    #11095
    James
    Participant

    Thanks for this, very useful.  Could I just confirm a few details with regards to the correct code and formatting please? If I have a .com and .co.uk version of the same domain, is it better to use:

    SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.com$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.co.uk$" whitelist
    
    or maybe:
    
    SetEnvIfNoCase Referer "^(http|https)://.*mydomain.*" whitelist
    
    Also, for the server address white listing line, is the dollar sign at the end of the server address a wildcard term?  Do I understand correctly that I don't need to enter the full 3 digits of the last part of the server address, just the first digit followed by the $?  So if my server address is 123.123.123.123 then should the line read:
    
    SetEnvIf Server_Addr "^123\.123\.123\.1$" whitelist
    
    or
    
    SetEnvIf Server_Addr "^123\.123\.123\.123$" whitelist

    Many thanks, James

    #11097
    AITpro Admin
    Keymaster

    Yep, if both the .com and .co.uk websites are sharing image files then using Regular Expressions code .* match anything – works fine.  If the 2 websites are not sharing image files then this is not necessary to do.  If each website is only using/displaying image files on its own site then you would not need to create this type of rule with Regular Expressions code.

    SetEnvIfNoCase Referer "^(http|https)://.*mydomain.*" whitelist

    In this particular case/usage the caret ^ means the start of the condition/rule and the dollar sign $ means the end of the condition/rule.

    If you wanted to use Regular Expressions code to match any number from 0 to 9 with 1 to 3 characters in the 4th octet of the IP address.  This is just an example and is not necessary because your Server/website IP address is static and will not change, unless of course you moved to another Server or Host.

    Note:  This was referring to older code that was actually a mistake and has now been changed and corrected above.

    SetEnvIf Server_Addr "^99\.88\.77\.[0-9]{1,3}$" whitelist

    #14921
    Young Master
    Participant

    Hello AITpro Admin,

    Am having problems using this hotlink protection code on my site. After testing this code on my site all the images disappeared on my site including plugins images. Is there an alternative to this code?

    #14923
    AITpro Admin
    Keymaster

    This code should work fine on every single Host Server worldwide so double check that you changed the example domain name to your domain name and changed the IP address in the code and check that you did not make a typo/mistake.

    #15351
    silas88
    Participant

    Hi,

    I thought this code was working for me until I commented out my IP address. Then I found that images were being blocked so I’d recommend anyone who uses this to test either with another IP address or comment out the IP address until you know it’s working.

    I have been able to get this to partially work by changing the site Referer rule slightly…

    SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.com.*" whitelist

    I noticed that I had Referer strings in old test logs which often ended with a “mydomain.com/”. Unfortunately I can see in my cpanel log that some images in the root are still being blocked.

    [Sun Jun 01 02:17:30 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-196x196.png
    [Sun Jun 01 02:17:30 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-160x160.png
    [Sun Jun 01 02:17:29 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-96x96.png
    [Sun Jun 01 02:17:28 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-16x16.png
    [Sun Jun 01 02:17:28 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-32x32.png
    

    I think these errors may be due to legitimate requests which have a blank Referer string but I haven’t tested enough to say this for certain.

    #15353
    AITpro Admin
    Keymaster

    “I thought this code was working for me until I commented out my IP address.”

    Do you mean you commented out your Server’s IP address?  Your Server’s IP address must be included in the FilesMatch section of code in order to allow image retrieval.

    #15379
    silas88
    Participant

    Oops! I had specified my client IP address. Back to the drawing board for me! I’ll retest tomorrow with the server address.

    #15381
    AITpro Admin
    Keymaster

    Correction:  You do NOT need to whitelist your Server’s IP address – it is recommended, but not required.  Yes, you are correct that if your URLs have a trailing backslash and/or you have a subfolder site:  ait-pro.com/example-site/ then you would need to add .* after the root domain name.

    #15382
    silas88
    Participant

    I just retested this with my server IP address and it works perfectly. That will teach me to read the instructions more carefully!
    Thanks.

    #15385
    AITpro Admin
    Keymaster

    Your .* is why it is working since I was mistaken about the Server IP address.  I cannot remember why that is needed anymore, but there are cases where the Server’s IP address is needed for the code to work.  I have updated the HotLink Protection code to include the .* for the root domain and added that the Server’s IP address is optional/not required.

    #15386
    silas88
    Participant

    It was only after adding the Server IP address (in addition to the “.*” ) that I was able to get this working without any errors from images located in my domain root – see the errors in my post above related to favicons in my root “mydomain/”
    Thanks.

    #15390
    AITpro Admin
    Keymaster

    Ok then your Server is one of the cases where the Server IP address is required.  I have updated the code and added a note for this.
    # Note: A Server IP address May be Required for
    # everything to work depending on your Host Server
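
Added example (not part of any post in this thread and not BPS code): a Python check that runs the Referer patterns quoted in the posts above against constructed Referer values, to show which same-site requests the `$`-terminated rule denies and which other hosts the `.*` variants let through. The `anchored` pattern, the `mydomain.com` sample values and the function names are assumptions for illustration.

```python
import re

# Patterns quoted in the thread; SetEnvIfNoCase does a case-insensitive,
# unanchored regex search, modelled here with re.search + re.IGNORECASE.
PATTERNS = {
    "dollar": r"^(http|https)://www\.mydomain\.com$",
    "loose": r"^(http|https)://.*mydomain.*",
    "trailing": r"^(http|https)://www\.mydomain\.com.*",
    # Assumption (not from the thread): host must end at "/" or end of string.
    # Written without the ? character, like the thread's own patterns.
    "anchored": r"^(http|https)://([a-z0-9-]+\.)*mydomain\.com(/|$)",
}

# Constructed Referer values and whether the site owner wants them allowed.
SAMPLES = [
    ("https://www.mydomain.com", True),
    ("https://www.mydomain.com/", True),
    ("https://www.mydomain.com/blog/post/", True),
    ("https://www.mydomain.com.other.example/", False),
    ("https://other.example/mydomain/", False),
    ("https://notmydomain.com/", False),
]


def whitelisted(pattern, referer):
    """True if the SetEnvIfNoCase rule would set the whitelist variable."""
    return re.search(pattern, referer, re.IGNORECASE) is not None


def audit(pattern, samples=SAMPLES):
    """Return (referer, problem) for every sample the rule gets wrong."""
    problems = []
    for referer, should_allow in samples:
        allowed = whitelisted(pattern, referer)
        if allowed and not should_allow:
            problems.append((referer, "false allow"))
        elif should_allow and not allowed:
            problems.append((referer, "false deny"))
    return problems


if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(name, audit(pattern) or "ok")
    # A request with no Referer header matches none of these rules.
    print("empty:", [n for n, p in PATTERNS.items() if whitelisted(p, "")])
```

An empty Referer matches none of the four patterns, so the SetEnvIf version of the code denies it, while the RewriteCond version in the first post lets it through via its `^($|` alternative.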

    #15410
    silas88
    Participant

    I thought this was all fixed but I just noticed that I have crawl errors reported in Google web master tools for an image (.svg) file. I cannot access the link to the image directly either but in the webpage it looks fine. I am puzzled!  Any idea what might be going on?
    Thanks.
