Home › Forums › BulletProof Security Pro › Hotlink Protection Do Not Block Google, Bing or Yahoo
Tagged: Bing, block images, Bonus Custom Code, Google, hotlink, hotlink protection, image theft, Yahoo
- This topic has 79 replies, 12 voices, and was last updated 2 years, 5 months ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
Nope, that code is not designed to do any rewriting or redirection so you would have to use rewriting htaccess code like the code you originally posted to rewrite and redirect.
JackParticipantHello friends,
I am looking to add this hotlinking protection code, but I can not. 🙁
My structure is as follows:
The website is: example.com
WordPress is in the folder: example.com/blog
The images are set in a subdomain: uploads.example.com
Could you help me set this up? 🙂
———————————————
Olá Amigos,
Estou querendo adicionar esse código de proteção de hotlinking, mas não estou conseguindo. 🙁
Minha estrutura é a seguinte:
O site é: example.com
O WordPress está na pasta: example.com/blog
As imagens estão configuradas em um subdominio: uploads.example.com
Será que vocês poderiam me ajudar a configurar isso? 🙂AITpro AdminKeymasterWhat part of adding the code can you not do?
What is in the uploads subdomain? Another website? A WordPress site? Just a folder called /uploads/ with images in it?JackParticipantAll this is a single site. Only one WordPress installation. The difference is that WordPress is installed in example.com/blog. More the site is available on example.com thanks to index.php pointing example.com/blog. In uploads.example.com subdomain is where is configured to save the images of the site. I’m not using the default: example.com/wp-content/uploads. I’m not able to work because I do not know what the correct url should I put in the .htaccess plugin to protect everything (Root, subdomains, subfolders of a single domain and a single WordPress installation).
——————————-
Tudo isso é de um único site. Apenas uma instalação WordPress. A diferença é que o WordPress está instalado em example.com/blog. Mais o site está acessível em example.com graças ao index.php apontando para example.com/blog. No subdominio uploads.example.com é onde está configurado pra salvar as imagens do site. Não estou usando o padrão: example.com/wp-content/uploads. Não estou conseguindo fazer funcionar porque não sei qual a url correta que devo colocar no htaccess pelo plugin para proteger tudo (Raiz, subdominios, subpastas de um único domínio e uma única instalação WordPress).AITpro AdminKeymasterI believe the best method to use would be to create a new .htaccess file in the uploads subdomain folder: /uploads/.htaccess and add only the hotlink protection code in that .htaccess file with your domain root name whitelisted, which would whitelist all of your domains using the root domain.
Notes: SetEnvIfNoCase does not work on LiteSpeed servers yet. (LiteSpeed is planning on adding this in version 5.0). You probably will not need to use your server IP address and should leave that commented out with a # sign first. If things are not working then try adding your server IP address and uncommenting
Allow from xxx.xxx.xxx.xxx
SetEnvIfNoCase Referer "^(http|https)://.*example\.com.*$" whitelist SetEnvIfNoCase Referer "^(http|https)://.*google.*" whitelist SetEnvIfNoCase Referer "^(http|https)://.*yahoo.*" whitelist SetEnvIfNoCase Referer "^(http|https)://.*bing.*" whitelist <FilesMatch "\.(gif|jpg|jpeg|png|bmp)$"> Order Allow,Deny Allow from env=whitelist # Add Your Server IP Address # Note: A Server IP address May be Required for # everything to work depending on your Host Server #Allow from xxx.xxx.xxx.xxx </FilesMatch>
JackParticipantThanks for the prompt reply. I put the .htaccess code in the subdomain folder and waited a few days. I noticed today that did not work, other sites continue doing hotlink.
—————————————
Obrigado pela pronta resposta. Coloquei o código htaccess na pasta do subdomínio e aguardei uns dias. Constatei hoje que não funcionou, outros sites continuam fazendo hotlink.AITpro AdminKeymasterOk check with your web host support folks so that they can help you with your particular server/website.
KrzysztofParticipantHello!
In my htacess I have a code like this:
But today I had a security log entry:
and the site here:http://www.mobiless.tk/detail/k/AW-149.html
displays an image from our site very good when visited. Where is the cache? What did I do wrong? 😉# BLOCK HOTLINKING TO IMAGES # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html RewriteEngine On RewriteCond %{HTTP_REFERER} !^https?://(www\.)?infolotnicze.pl [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F] [403 GET / HEAD Request: 19/05/2015 - 08:11] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 66.220.146.22 Host Name: 66.220.146.22 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.mobiless.tk/detail/k/AW-149.html REQUEST_URI: /wp-content/uploads/2012/03/aw149.jpg QUERY_STRING: HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
AITpro AdminKeymasterINCORRECT: see following reply. Something about the Request was blocked, but not Image retrieval. This is a fairly common issue. You can disregard these Security Log entries.
KrzysztofParticipantBut how to block those nasty people from displaying images on our cost?
AITpro AdminKeymasterActually you are using old/outdated hotlink protection code. See the very beginning of this forum topic for Google, Yahoo, Bing safe hotlink protection code. You can block someone from hotlinking to your images, but you cannot stop them from copying and using your images.
AITpro AdminKeymasterOops I misinterpreted the Security Log entry. What happened is the Yahoo Slurp bot followed your hotlink protected image url from that site and since it is hotlink protected and the Referer is not your website then the Request was blocked. I visually checked that website and your image is not displaying on their website. So your hotlink protection code is working fine. See screenshot below.
KrzysztofParticipantOne way or the other I have changed the code to the one recomended by you 😉
KrzysztofParticipantHmmm
Here is my code But this site here http://www.free-webhosts.com/hotlinking-checker.php Informs me that my hotlinking is not working. Did I make any mistakes sin the code?SetEnvIfNoCase Referer "^(http|https)://www\.infolotnicze\.pl.*$" whitelist SetEnvIfNoCase Referer "^(http|https)://.*google.*" whitelist SetEnvIfNoCase Referer "^(http|https)://.*yahoo.*" whitelist SetEnvIfNoCase Referer "^(http|https)://.*bing.*" whitelist <FilesMatch "\.(gif|jpg|jpeg|png|bmp)$"> Order Allow,Deny Allow from env=whitelist # Add Your Server IP Address # Note: A Server IP address May be Required for # everything to work depending on your Host Server Allow from 185.5.98.32 </FilesMatch>
AITpro AdminKeymasterYour images are still blocked on the site that is hotlinking to your images so that means that the site you used to check if hotlink protection is working is not working. 😉
-
AuthorPosts
- You must be logged in to reply to this topic.