Home › Forums › BulletProof Security Pro › htaccess Image File Protection – FilesMatch
- This topic has 25 replies, 2 voices, and was last updated 11 years, 2 months ago by Amel.
-
AuthorPosts
-
AmelParticipant
Thank You for reply, I will change the order “Order Allow,Deny” and will let You know …
As you said:
Good bots follow the rules in a robots.txt file. Bad bots do whatever they want and will ignore a robots.txt file.
Why bother what kind of bot it is, the good one or not, therefore I will use the htaccess, than the bots can be exactly how they will,
but they will never get the pictures 🙂AmelParticipantJust tried both combinations You mentioned in previous post, but no luck, still the same issue….
If this with htaccess is not working, than I have to fix a file protection, so only registered users are able to see the files, in this case
all users has to be logged in in order to be able to see the picture in the post, but this is not a bad idea at all, than google cannot crawl these
images because google is not authenticated… so easy…AmelParticipantThe option I mentioned will not work as this is “file” manager and I cannot insert a picture in a post because it will not display the picture
but only download link…
So I still need to use media library but I really do not understand why these htaccess codes does not works … strangeAITpro AdminKeymasterYep the .htaccess code should work so I am not sure what exactly is wrong. Double check that you are doing everything correctly.
AmelParticipantok, will do it, but let me know if I understand it correctly..
after I add this htaccess code, than I should be able to see all the images in the posts and pages as long as they are posted on the web sitewith certain domain name allowed in htaccess file ?
And if someone else copy the direct image link and paste it from his own page than it would not work ?
AITpro AdminKeymasterThe doman name or names that you allow are the only domain names that will be able to see the images. All other domains will be forbidden. You are forbidding the file extensions and only allowing certains domains to view the file – they will be forbidden to anyone that is not clicking the link from your domain.
AmelParticipantok I understand ….
Thank YouAITpro AdminKeymasterOh wait a minute. I got this wrong. What is going to be looked at is your Public IP Address and not the domain name. Because your Public IP address is what would be allowed or not allowed. Sorry I am trying to get BPS Pro 5.6 completed so my attention is elsewhere. You would need to use some htaccess code in your root .htaccess like the example HotLinking code to restrict by Host or Referrer. I will play around with this tomorrow, but this is the general idea you would want to use something similar to this example code in your uploads .htaccess file.
# BLOCK HOTLINKING TO IMAGES # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html #RewriteEngine On #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC] #RewriteCond %{HTTP_REFERER} !^$ #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]
AITpro AdminKeymasterYou could use the FilesMatch code and create a Referrer Whitelist for your domain like this. I have not tested this, but it whitelists by Referrer so it would probably work.
SetEnvIf Referer "^http://www.example.com/" whitelist # FORBID ALL image files by file extension from being viewed from any other domain except mine <FilesMatch "\.(png|jpg|gif)$">
Order Deny,Allow
Allow from env=whitelist
Deny from all
</FilesMatch>AITpro AdminKeymasterYep it works – just tested it. This is just a fancier way of blocking HotLinking to images.
AmelParticipantyes, I confirm it`s working just as expected !!
Thank You for helping !!
Best regards
Amel
-
AuthorPosts
- You must be logged in to reply to this topic.