Some Htaccess help

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Axle
    Registered User
    • Oct 2002
    • 5

    #1

    Some Htaccess help

    I'm trying to lock out all referers that are not from one of my sites. My .htaccess works great, and keeps people out. Only problem is that movies, plug ins, embedded files do not load, but come up as broken. Gifs, images, jpgs, and everything else seem to load fine. I'm totally stuck on this one. Any one know how to modify this so the embedded stuff loads too?

    My current .htaccess looks like this


    AuthUserFile /dev/null
    AuthGroupFile /dev/null

    Options FollowSymLinks
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://www.site1.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://site1.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.site2.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://site2.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.site3.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://site3.com/ [NC]
    RewriteRule /* http://www.sendthemsomewhere.com/ [R,L]
  • apscripts
    Confirmed User
    • Mar 2003
    • 204

    #2
    http://www.engelschall.com/pw/apache/rewriteguide/

    I am by no means a mod_rewrite expert - but if you haven't seen that link yet it may be of use to you. It has been in my bookmarks for about 5 years.
    icq5708193

    aptgp III -- Build a Blog, an RSS feed, a text TGP, and a thumb TGP all from one installation. Own Comus or AutoGallery? Have APTGP III Installed free for 30 days; no obligations.

    Comment

    • apscripts
      Confirmed User
      • Mar 2003
      • 204

      #3
      Regarding your video files...try...

      RewriteEngine On
      RewriteOptions inherit
      RewriteCond %{HTTP_REFERER} !^http://.*ursite.com/.*$ [NC]
      RewriteCond %{HTTP_REFERER} !^http://.*urfriends.com.*$ [NC]
      RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)auth=yes(;.*|$)
      RewriteRule /* http://www.sendto-onfail.com/ [R,L]

      If you put that in say your /vids folder, and then had a file called vids.php that just did (above any other code or output):

      PHP Code:
      setcookie("auth" = "yes"); 
      
      that file would also have links to your vids. Try that. Note that with the mod_rewrite example above you would also have to click a link from http://[blah.]ursite.com/ to reach vids.php in the /vids dir where that .htaccess is placed. Try that out, let me know if it doesn't work. Also - you could code some error handling into vids.php to verify that the cookie was set...otherwise they won't be able to view the vids. Maybe you could display a sorry message.
      icq5708193

      aptgp III -- Build a Blog, an RSS feed, a text TGP, and a thumb TGP all from one installation. Own Comus or AutoGallery? Have APTGP III Installed free for 30 days; no obligations.

      Comment

      • Hostedgallery
        Registered User
        • Jan 2003
        • 37

        #4
        If you don't want to use a cookie method, here's a simple modification to your .htaccess from above that should work just fine:

        RewriteEngine on
        RewriteCond %{HTTP_REFERER} !^$
        RewriteCond %{HTTP_REFERER} !^http://.*yourdomain.com [NC]
        RewriteCond %{HTTP_REFERER} !^http://your.website.ip.address [NC]
        RewriteRule .*\.(gif|GIF|jpg|JPG|mpg|MPG|Mpeg|mpeg|MPEG)$ http://www.yourdomain.com [R,L]
        ErrorDocument 404 http://www.yourdomain.com/
        ErrorDocument 403 http://www.yourdomain.com/
        ErrorDocument 405 http://www.yourdomain.com/
        ErrorDocument 500 http://www.yourdomain.com/

        And of course you can add more filetypes into the RewriteRule if you so choose.

        Kevin G.
        <a href="http://www.hostedgallery.com/"><img border="0" src="http://www.hostedgallery.com/boardimages/1_animated.gif" width="120" height="60"></a>
        <font face="Verdana" size="2">ICQ: <a href="http://wwp.icq.com/scripts/contact.dll?msgto=333015437">333015437</a>
        AIM: <a href="aim:goim?screenname=hstdgallery&message=Hell o+There.">hstdgallery</a></font>

        Comment

        • apscripts
          Confirmed User
          • Mar 2003
          • 204

          #5
          The reason that the problem exists in the first place on media files is that the media players do not send HTTP_REFERER - If you have a sniffer you can see this clearly. There is someone out there selling a $300 script (perhaps it's an apache module?) that does pretty much what that mod_rewrite above does. Mind you, this only pertains to video/audio media files that spawn helper apps. I think it is fair to say that if the surfer's browser isn't sending the referrer, and isn't permitting cookies....that they can get your exit page or whatever. Is that fair?

          Check this out:

          http://www.webpimps.com/scripts/htaccess/

          These folks have done a fine job describing the method to protect your vid files.

          Also:

          http://search.yahoo.com/search?p=cookie+in+htaccess
          icq5708193

          aptgp III -- Build a Blog, an RSS feed, a text TGP, and a thumb TGP all from one installation. Own Comus or AutoGallery? Have APTGP III Installed free for 30 days; no obligations.

          Comment

          Working...