Hotlink Protection Do Not Block Google, Bing or Yahoo
- This topic has 79 replies, 12 voices, and was last updated 2 years, 3 months ago by AITpro Admin.
AITpro AdminKeymaster
Hotlink Protection: Will not block Google, Bing and Yahoo from retrieving images from your website.
1. Add the Hotlink Protection code to this BPS Root Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
2. Click the Save Root Custom Code button.
3. BPS Pro 11.9+ & BPS .53.8+: Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.
3. Older BPS versions: Go to the Security Modes page, click the Create secure.htaccess File AutoMagic button, select the Activate Root Folder BulletProof Mode Radio button and click the Activate|Deactivate button.
Note: LiteSpeed servers do not support the Apache SetEnv directive. If you have a LiteSpeed server this code will not work on your website and you will need to use the Dumbed Down Hotlink Protection code.
# Hotlink Protection: google, bing, yahoo safe
# Replace the ait-pro.com domain name with your website domain name
SetEnvIfNoCase Referer "^(http|https)://.*\.ait-pro\.com$" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*\.google\.com$" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*\.yahoo\.com$" whitelist
SetEnvIfNoCase Referer "^(http|https)://.*\.bing\.com$" whitelist
<FilesMatch "\.(gif|jpg|jpeg|png|bmp)$">
Order Allow,Deny
Allow from env=whitelist
</FilesMatch>
Dumbed Down Hotlink Protection code
This code is dumbed down to work on LiteSpeed servers and all other servers. Will not block Google, Bing and Yahoo from retrieving images from your website.
# Hotlink Protection code Dumbed Down to work on all servers:
# Regex ? character & SetEnv directive do not work on some servers
# Allow an empty Referer; forbid all other domains from hotlinking to images
# Except for your domain, google, yahoo or bing domains
# Replace the ait-pro.com domain name with your website domain name
RewriteCond %{HTTP_REFERER} !^($|(http|https):\/\/.*(ait-pro\.com|google\.com|yahoo\.com|bing\.com)) [NC]
RewriteCond %{REQUEST_URI} ^.*\.(jpeg|jpg|gif|bmp|png)$ [NC]
RewriteRule ^(.*)$ - [F]
Troubleshooting possible causes for Hotlink Protection code not working on your website:
• Incorrect domain name used in code.
• LiteSpeed servers do not support the Apache SetEnv directive – use the Dumbed Down Hotlink Protection code.
• BPS Custom Code steps were not done or done completely.
• External service like cloudflare or a CDN caching content externally/offsite.
• Local cache, caching plugin or Browser cache.
• SSL or Proxy configuration issue/problem.
Additional Notes: Some servers do not process the Regex question mark character ? due to server security or other configuration settings. For that reason the Regex ? character has not been used in any of the code above and “or” conditions using the Pipe Operator | have been used instead since this Regex character is allowed on all servers. The ? Regex character matches 0 or 1 of the preceding token, effectively making it optional.
AITpro AdminKeymaster
If you have an image or images that you do not want to allow HotLinking for these specific images (including Google, Yahoo and Bing) then this code will protect individual images from being HotLinked. This code can be used together with the Google, Yahoo, Bing safe HotLink Protection code.
Replace the ait-pro.com domain with your actual domain name. Replace the Server IP Address with your actual Server IP Address. Add your actual image file names in the FilesMatch section of code.
# HotLink Protection for individual images
SetEnvIfNoCase Referer "^(http|https)://www\.ait-pro\.com$" whitelist-special
<FilesMatch "(example-image-name-1\.png|example-image-name-2\.png|example-image-name-3\.png)$">
Order Allow,Deny
Allow from env=whitelist-special
# Add Your Server IP Address
Allow from 173.201.92.1
</FilesMatch>
JamesParticipant
Thanks for this, very useful. Could I just confirm a few details with regards to the correct code and formatting please? If I have a .com and .co.uk version of the same domain, is it better to use:
SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.com$" whitelist
SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.co.uk$" whitelist
or maybe:
SetEnvIfNoCase Referer "^(http|https)://.*mydomain.*" whitelist
Also, for the server address white listing line, is the dollar sign at the end of the server address a wildcard term? Do I understand correctly that I don't need to enter the full 3 digits of the last part of the server address, just the first digit followed by the $? So if my server address is 123.123.123.123 then should the line read:
SetEnvIf Server_Addr "^123\.123\.123\.1$" whitelist
or
SetEnvIf Server_Addr "^123\.123\.123\.123$" whitelist
Many thanks, James
AITpro AdminKeymaster
Yep, if both the .com and .co.uk websites are sharing image files then using Regular Expressions code .* match anything – works fine. If the 2 websites are not sharing image files then this is not necessary to do. If each website is only using/displaying image files on its own site then you would not need to create this type of rule with Regular Expressions code.
SetEnvIfNoCase Referer "^(http|https)://.*mydomain.*" whitelist
In this particular case/usage the caret ^ means the start of the condition/rule and the dollar sign $ means the end of the condition/rule.
If you wanted to use Regular Expressions code to match any number from 0 to 9 with 1 to 3 characters in the 4th octet of the IP address. This is just an example and is not necessary because your Server/website IP address is static and will not change, unless of course you moved to another Server or Host.
Note: This was referring to older code that was actually a mistake and has now been changed and corrected above.
SetEnvIf Server_Addr "^99\.88\.77\.[0-9]{1,3}$" whitelist
Young MasterParticipant
Hello AITpro Admin,
Am having problems using this hotlink protection code on my site. After testing this code on my site all the images disappeared on my site including plugins images. Is there an alternative to this code?
AITpro AdminKeymaster
This code should work fine on every single Host Server worldwide so double check that you changed the example domain name to your domain name and changed the IP address in the code and check that you did not make a typo/mistake.
silas88Participant
Hi,
I thought this code was working for me until I commented out my IP address. Then I found that images were being blocked so I’d recommend anyone who uses this to test either with another IP address or comment out the IP address until you know it’s working.
I have been able to get this to partially work by changing the site Referer rule slightly…
SetEnvIfNoCase Referer "^(http|https)://www\.mydomain\.com.*" whitelist
I noticed that I had Referer strings in old test logs which often ended with a “mydomain.com/”. Unfortunately I can see in my cpanel log that some images in the root are still being blocked.
[Sun Jun 01 02:17:30 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-196x196.png
[Sun Jun 01 02:17:30 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-160x160.png
[Sun Jun 01 02:17:29 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-96x96.png
[Sun Jun 01 02:17:28 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-16x16.png
[Sun Jun 01 02:17:28 2014] [error] [client 11.22.333.44] client denied by server configuration: /home/user/public_html/mydomain.com/favicon-32x32.png
I think these errors may be due to legitimate requests which have a blank Referer string but I haven’t tested enough to say this for certain.
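An added example, not part of any post in this thread and not BPS code: a simplified Python model of the SetEnvIfNoCase/Allow from rules and of the Dumbed Down RewriteCond rules, run against constructed Referer values to show which requests each pattern from the thread lets through. The `other.example` URLs and the client addresses are made up; `mydomain.com` is the thread's own placeholder.

```python
import re

# Referer patterns from the thread; mydomain.com is the thread's placeholder.
PATTERNS = {
    "strict": r"^(http|https)://www\.mydomain\.com$",     # ends in $
    "trailing": r"^(http|https)://www\.mydomain\.com.*",  # silas88's change
    "loose": r"^(http|https)://.*mydomain.*",             # James's alternative
}
REWRITE = r"^($|(http|https):\/\/.*(mydomain\.com|google\.com|yahoo\.com|bing\.com))"
IMAGE = re.compile(r"\.(gif|jpg|jpeg|png|bmp)$")


def setenvif_allows(pattern, referer, path, client_ip="198.51.100.7", allow_from=()):
    """Simplified model of SetEnvIfNoCase + Order Allow,Deny + Allow from."""
    if not IMAGE.search(path):
        return True  # FilesMatch does not cover this file
    if client_ip in allow_from:
        return True  # "Allow from <ip>" matches the client address
    # A missing Referer is evaluated as an empty string, which none of
    # these patterns match, so the whitelist variable stays unset.
    return re.search(pattern, referer or "", re.I) is not None


def rewrite_allows(referer, path):
    """Simplified model of the Dumbed Down RewriteCond/RewriteRule pair."""
    if not re.search(r"^.*\.(jpeg|jpg|gif|bmp|png)$", path, re.I):
        return True
    return re.search(REWRITE, referer or "", re.I) is not None


# Constructed Referer values (None = header absent).
REFERERS = [
    "https://www.mydomain.com",
    "https://www.mydomain.com/",
    "https://www.mydomain.com/blog/post/",
    None,
    "https://other.example/",
    "https://other.example/mydomain-gallery/",
]


def evaluate(path="/favicon-32x32.png"):
    """Return {referer: {rule: allowed}} for every rule variant."""
    table = {}
    for ref in REFERERS:
        row = {name: setenvif_allows(p, ref, path) for name, p in PATTERNS.items()}
        row["rewrite"] = rewrite_allows(ref, path)
        table[ref] = row
    return table


if __name__ == "__main__":
    for ref, row in evaluate().items():
        print(f"{str(ref):45}", row)
```

In this model a client address listed in `allow_from` is allowed whatever the Referer is, so a test run from a whitelisted address says nothing about whether the Referer pattern matches.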
AITpro AdminKeymaster
"I thought this code was working for me until I commented out my IP address."
Do you mean you commented out your Server’s IP address? Your Server’s IP address must be included in the FilesMatch section of code in order to allow image retrieval.
silas88Participant
Oops! I had specified my client IP address. Back to the drawing board for me! I’ll retest tomorrow with the server address.
AITpro AdminKeymaster
Correction: You do NOT need to whitelist your Server’s IP address – it is recommended, but not required. Yes, you are correct that if your URLs have a trailing backslash and/or you have a subfolder site: ait-pro.com/example-site/ then you would need to add .* after the root domain name.
silas88Participant
I just retested this with my server IP address and it works perfectly. That will teach me to read the instructions more carefully!
Thanks.
AITpro AdminKeymaster
Your .* is why it is working since I was mistaken about the Server IP address. I cannot remember why that is needed anymore, but there are cases where the Server’s IP address is needed for the code to work. I have updated the HotLink Protection code to include the .* for the root domain and added that the Server’s IP address is optional/not required.
silas88Participant
It was only after adding the Server IP address (in addition to the “.*” ) that I was able to get this working without any errors from images located in my domain root – see the errors in my post above related to favicons in my root “mydomain/”
Thanks.
AITpro AdminKeymaster
Ok then your Server is one of the cases where the Server IP address is required. I have updated the code and added a note for this.
# Note: A Server IP address May be Required for
# everything to work depending on your Host Server
silas88Participant
I thought this was all fixed but I just noticed that I have crawl errors reported in Google web master tools for an image (.svg) file. I can not access the link to the image directly either but in the webpage it looks fine. I am puzzled! Any idea what might be going on?
Thanks.