Hotlink Protection Do Not Block Google, Bing or Yahoo

Home Forums BulletProof Security Pro Hotlink Protection Do Not Block Google, Bing or Yahoo

This topic contains 77 replies, has 11 voices, and was last updated by  Geoff 2 months ago.

Viewing 15 posts - 46 through 60 (of 78 total)
  • Author
    Posts
  • #20169

    AITpro Admin
    Keymaster

    Nope, that code is not designed to do any rewriting or redirection so you would have to use rewriting htaccess code like the code you originally posted to rewrite and redirect.

    #20533

    Jack
    Participant

    Hello friends,
    I am looking to add this hotlinking protection code, but I can not. 🙁
    My structure is as follows:
    The website is: example.com
    WordPress is in the folder: example.com/blog
    The images are set in a subdomain: uploads.example.com
    Could you help me set this up? 🙂
    ———————————————
    Olá Amigos,
    Estou querendo adicionar esse código de proteção de hotlinking, mas não estou conseguindo. 🙁
    Minha estrutura é a seguinte:
    O site é: example.com
    O WordPress está na pasta: example.com/blog
    As imagens estão configuradas em um subdominio: uploads.example.com
    Será que vocês poderiam me ajudar a configurar isso? 🙂

    #20534

    AITpro Admin
    Keymaster

    What part of adding the code can you not do?
    What is in the uploads subdomain? Another website? A WordPress site? Just a folder called /uploads/ with images in it?

    #20540

    Jack
    Participant

    All this is a single site. Only one WordPress installation. The difference is that WordPress is installed in example.com/blog. More the site is available on example.com thanks to index.php pointing example.com/blog. In uploads.example.com subdomain is where is configured to save the images of the site. I’m not using the default: example.com/wp-content/uploads. I’m not able to work because I do not know what the correct url should I put in the .htaccess plugin to protect everything (Root, subdomains, subfolders of a single domain and a single WordPress installation).
    ——————————-
    Tudo isso é de um único site. Apenas uma instalação WordPress. A diferença é que o WordPress está instalado em example.com/blog. Mais o site está acessível em example.com graças ao index.php apontando para example.com/blog. No subdominio uploads.example.com é onde está configurado pra salvar as imagens do site. Não estou usando o padrão: example.com/wp-content/uploads. Não estou conseguindo fazer funcionar porque não sei qual a url correta que devo colocar no htaccess pelo plugin para proteger tudo (Raiz, subdominios, subpastas de um único domínio e uma única instalação WordPress).

    #20548

    AITpro Admin
    Keymaster

    I believe the best method to use would be to create a new .htaccess file in the uploads subdomain folder:  /uploads/.htaccess and add only the hotlink protection code in that .htaccess file with your domain root name whitelisted, which would whitelist all of your domains using the root domain.

    Notes:  SetEnvIfNoCase does not work on LiteSpeed servers yet. (LiteSpeed is planning on adding this in version 5.0). You probably will not need to use your server IP address and should leave that commented out with a # sign first. If things are not working then try adding your server IP address and uncommenting Allow from xxx.xxx.xxx.xxx

    SetEnvIfNoCase Referer "^(http|https)://.*example\.com.*$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*google.*" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*yahoo.*" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*bing.*" whitelist
    
    <FilesMatch "\.(gif|jpg|jpeg|png|bmp)$">
    Order Allow,Deny
    Allow from env=whitelist
    # Add Your Server IP Address
    # Note: A Server IP address May be Required for 
    # everything to work depending on your Host Server
    #Allow from xxx.xxx.xxx.xxx
    </FilesMatch>
    #20606

    Jack
    Participant

    Thanks for the prompt reply. I put the .htaccess code in the subdomain folder and waited a few days. I noticed today that did not work, other sites continue doing hotlink.
    —————————————
    Obrigado pela pronta resposta. Coloquei o código htaccess na pasta do subdomínio e aguardei uns dias. Constatei hoje que não funcionou, outros sites continuam fazendo hotlink.

    #20612

    AITpro Admin
    Keymaster

    Ok check with your web host support folks so that they can help you with your particular server/website.

    #22782

    Krzysztof
    Participant

    Hello!
    In my htacess I have a code like this:
    But today I had a security log entry:
    and the site here: http://www.mobiless.tk/detail/k/AW-149.html
    displays an image from our site very good when visited. Where is the cache? What did I do wrong? 😉

    # BLOCK HOTLINKING TO IMAGES
    # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?infolotnicze.pl [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]
    
    [403 GET / HEAD Request: 19/05/2015 - 08:11]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 66.220.146.22
    Host Name: 66.220.146.22
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.mobiless.tk/detail/k/AW-149.html
    REQUEST_URI: /wp-content/uploads/2012/03/aw149.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    #22785

    AITpro Admin
    Keymaster

    INCORRECT: see following reply.  Something about the Request was blocked, but not Image retrieval.  This is a fairly common issue.  You can disregard these Security Log entries.

    #22786

    Krzysztof
    Participant

    But how to block those nasty people from displaying images on our cost?

    #22787

    AITpro Admin
    Keymaster

    Actually you are using old/outdated hotlink protection code.  See the very beginning of this forum topic for Google, Yahoo, Bing safe hotlink protection code.  You can block someone from hotlinking to your images, but you cannot stop them from copying and using your images.

    #22791

    AITpro Admin
    Keymaster

    Oops I misinterpreted the Security Log entry.  What happened is the Yahoo Slurp bot followed your hotlink protected image url from that site and since it is hotlink protected and the Referer is not your website then the Request was blocked.  I visually checked that website and your image is not displaying on their website.  So your hotlink protection code is working fine. See screenshot below.

    hotlink protected image

    #22795

    Krzysztof
    Participant

    One way or the other I have changed the code to the one recomended by you 😉

    #22802

    Krzysztof
    Participant

    Hmmm
    Here is my code But this site here http://www.free-webhosts.com/hotlinking-checker.php Informs me that my hotlinking is not working. Did I make any mistakes sin the code?

    SetEnvIfNoCase Referer "^(http|https)://www\.infolotnicze\.pl.*$" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*google.*" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*yahoo.*" whitelist
    SetEnvIfNoCase Referer "^(http|https)://.*bing.*" whitelist
    
    <FilesMatch "\.(gif|jpg|jpeg|png|bmp)$">
    Order Allow,Deny
    Allow from env=whitelist
    # Add Your Server IP Address
    # Note: A Server IP address May be Required for
    # everything to work depending on your Host Server
    Allow from 185.5.98.32
    </FilesMatch>
    
    #22809

    AITpro Admin
    Keymaster

    Your images are still blocked on the site that is hotlinking to your images so that means that the site you used to check if hotlink protection is working is not working.  😉

Viewing 15 posts - 46 through 60 (of 78 total)

You must be logged in to reply to this topic.