Hotlink Protection Do Not Block Google, Bing or Yahoo

Home Forums BulletProof Security Pro Hotlink Protection Do Not Block Google, Bing or Yahoo

This topic contains 77 replies, has 11 voices, and was last updated by  Geoff 2 months ago.

Viewing 15 posts - 61 through 75 (of 78 total)
  • Author
    Posts
  • #22814

    Krzysztof
    Participant

    I don’t think so – I took a random image and tested it here: http://coldlink.com/htm/tool.htm

    The image is still displayed. Something must be wrong with my setup.

    #22819

    AITpro Admin
    Keymaster

    Yes. You are correct.  Hotlink protection is no longer working on your site.  I was able to hotlink to one of your images here:  http://bulletproof-security-pro.com/bpspro/hotlink-protection-test/  I will be updating the very beginning of this forum topic with a list of possible causes for hotlink protection problems and troubleshooting steps to check those possible causes.

    #22820

    AITpro Admin
    Keymaster

    This is dumbed down hotlink protection code that will work on all servers.  This code is Google, Bing and Yahoo safe hotlink protection.  This code and additional help information will be added to the beginning of this forum topic.

    # Hotlink Protection code Dumbed Down to work on all servers:
    # Regex ? character & SetEnv directive do not work on some servers
    # Forbid empty Referer & all other domains from hotlinking to images
    # Except for your domain, google, yahoo or bing domains
    # Replace the ait-pro.com domain name with your website domain name 
    RewriteCond %{HTTP_REFERER} !^($|(http|https):\/\/.*(ait-pro\.com|google\.com|yahoo\.com|bing\.com)) [NC]
    RewriteCond %{REQUEST_URI} ^.*\.(jpeg|jpg|gif|bmp|png)$ [NC]
    RewriteRule ^(.*)$ - [F]
    #22829

    AITpro Admin
    Keymaster

    The main forum topic post in this topic has been updated with new Hotlink Protection code and help information.

    #22830

    Krzysztof
    Participant

    I have placed the new code and now I think that it works. (I think that one needs to test it on a clean browser as the cache code is working and it displays the image – on a clean Opera the image is not displayed) The bottom line is – today’s situation is another good example why BPS Pro is absolutely the first league when it goes for security and why it is worth to promote it 🙂

    Thank you very much for your extensive help!

    #22831

    Krzysztof
    Participant

    Hmm my server is not cooperating with us at all 😉 I have tried the test again here: http://coldlink.com/htm/tool.htm and it doesn’t work again.

    #22832

    AITpro Admin
    Keymaster

    Your Hotlink Protection code is working.  Look at this testing site: http://bulletproof-security-pro.com/bpspro/hotlink-protection-test/ where I am trying to hotlink to your image – it is blocked.  The image is not displayed.

    #22837

    AITpro Admin
    Keymaster

    Hmm I just thought of something.  Maybe you are not exactly sure what “hotlinking” means.  A direct link to your website is not a hotlink.  A hotlink to an image is when someone is loading your image file on their website by using code like this below, which as you can see is blocked below since your Hotlink Protection code is working.
    [hotlink example – removed/deleted]

    Or another very common thing that happens all the time is this scenario:  Your image was not originally hotlink protected and another website hotlinked to that image file.  That other site is using an external service like cloudflare or a CDN and cloudflare or the CDN is displaying the image and not that actual website that originally hotlinked your image.  External services like cloudflare and CDN’s literally copy data and images and store and display them from their servers.  Basically this means that your image file has been copied and if that is the case then you cannot do anything about that.  The image is no longer being retrieved from your website, it is being retrieved from cloudflare or a CDN that copied your image.

    #22840

    Krzysztof
    Participant

    Hmm – I just did what was written on that site – I have posted a direct link to a picture like in the example: http://www.example.com/picture.jpg and it displayed it there. That is why I thought that it is not working.

    #22841

    AITpro Admin
    Keymaster

    Neither here nor there my friend.  I tried to hotlink to an image file on your website in this forum topic and as you can see the hotlinked image file is not displayed and is being blocked from being hotlinked from your website.

    #22871

    James
    Participant

    Thanks guys for the update.

    I’ve been trying to get the standard hot linking code to work, but to no avail.  It keeps blocking all access to the images, even from the websites that are whitelisted (including the WP site which hosts the images).  My server does not have Lightspeed, but it does run with DSO for caching so I am assuming that this is also not compatible with the code?  Maybe worth mentioning this in the troubleshooting info. The ‘dumbed down’ version of the hot-linking code seems to work just fine though!

    Cheers, James

    #28667

    John
    Participant

    Hi,
    I’m using WPML to run a multilingual site. Each language is structured by subdirectory. With regards to your comment #15381, does this mean I should add .* after the root domain name like this?

    SetEnvIfNoCase Referer "^(http|https)://.*\.domain\.com.*" whitelist

    And do I understand correctly that if each language is structured by subdomain, the code should go like this?

    SetEnvIfNoCase Referer "^(http|https)://.*domain\.com$" whitelist

    Apparently, I’m not really a technical person, so I’d really appreciate if you could advise me on this.

    Best regards,

    #28672

    AITpro Admin
    Keymaster

    In Regular Expressions (Regex) code the .* characters mean match anything/everything. So this code below would match subdomains and also subdirectories: example.domain.com and/or domain.com/subdirectory/

    SetEnvIfNoCase Referer "^(http|https)://.*\.domain\.com.*" whitelist
    #28686

    John
    Participant

    I tried using this code

    SetEnvIfNoCase Referer "^(http|https)://.*\.domain\.com.*" whitelist

    but some of the thumbnail images on my dashboard were not displayed. So I tried this code instead

    SetEnvIfNoCase Referer "^(http|https)://.*domain\.com.*" whitelist

    and the thumbnail images are properly displayed. Could you please confirm again if this is correctly done?

    Thanks.

    #28696

    AITpro Admin
    Keymaster

    @ John – Yes, that looks correct.

Viewing 15 posts - 61 through 75 (of 78 total)

You must be logged in to reply to this topic.