Koozali.org: home of the SME Server

bandwidth theft - stopping deep hotlinking - .htaccess

Robert Harlow

bandwidth theft - stopping deep hotlinking - .htaccess
« on: August 08, 2003, 08:39:49 PM »
Sirs

My (copyright) images are being served out in response to incoming deep hotlinks. IOW I have a bandwidth thief on my hands.

The best option appears to be some fancy (PHP) (mod_rewrite) (.htaccess) stuff that stops my server serving out image calls (REFERER) that have NOT originated from my site here on the same server. Don't be fooled by my apparent depth of knowledge on this matter and its expected resolution...;~/

When I come to try it out, the effect of the darned .htaccess file is to stop the serving of the protected directory's images to ANY sites - including mine. Which is a bit of a downer:~|

Lurking on the 'Gallery' fora has confirmed that this is the way to go about it, but nobody is able to resolve why my implementation of what should be a fairly simple exercise operates so strangely and inappropriately. So I have come home to the Mitel fora to see if I can obtain help - from a server point of view.

Here are two examples of the contents of the .htaccess file:


----------------------------------->
#prevent image bandwidth stealing
RewriteEngine On
#jpg files
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://.*(mydomain).*$ [NC]
RewriteRule .*\.[Jj][Pp][Gg]$ http://(mydomain)/blank.gif [R,L]
#gif files
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://.*(mydomain).*$ [NC]
RewriteRule .*\.[Gg][Ii][Ff]$ http://(mydomain)/blank.gif [R,L]
<------------------------------------

or alternatively this one...

----------------------------------->
#anti-hotlinking the pix
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(mydomain) [NC]
RewriteCond %{HTTP_REFERER} !^http://www.(mydomain) [NC]
RewriteCond %{HTTP_REFERER} !^http://staticIP [NC]
RewriteCond %{HTTP_REFERER} !^staticIP [NC]
RewriteCond %{HTTP_REFERER} !^192.168.171.* [NC]
RewriteCond %{HTTP_REFERER} !^192.168.*.*
RewriteRule [^/]+\.(gif|jpg|GIF|JPG)$ - [F]
<------------------------------------

Brief details:
Mitel SME server v5.6u2  (static IP - broadband)
no ISP involved just the broadband 'bandwidth-supplier'
Apache v1.3.27
Gallery v1.3.4-pl1
PHP v4.3.2    //I've added this in myself
GD bundled (v2.0.12 compatible)
netpbm-9.14-2.i386.rpm   //I've added this in myself
netpbm-progs-9.14-2.i386.rpm   //I've added this in myself
libtiff-3.5.5-13.i386.rpm   //I've added this in myself
MySQL v3.23.49
mod_rewrite is loaded
M$ IE5.5
Mozilla 1.3

A look at the server's httpd error log reveals lots of this sort of thing (while the .htaccess file is active):
----------------------------------->
[Fri Aug  8 07:52:12 2003] [error] [client 192.168.171.65] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/e-smith/files/ibays/stbcom/html/assets/images/summerfete0010mini.gif
<------------------------------------

The installation and operation of this Gallery (OpenSource) software has left me very impressed and I really would like to get this issue resolved.

Is there something that I have to do, or get done, to enable this sort of bandwidth theft prevention to work on my SME server?

best wishes, Robert

Ture

Re: bandwidth theft - stopping deep hotlinking - .htaccess
« Reply #1 on: August 10, 2003, 11:27:06 PM »
Blocked Inline-Images
Have you looked here:
http://httpd.apache.org/docs/misc/rewriteguide.html

----------------------------------->
Blocked Inline-Images

Description:
    Assume we have under http://www.quux-corp.de/~quux/ some pages with inlined GIF graphics. These graphics are nice, so others directly incorporate them via hyperlinks to their pages. We don't like this practice because it adds useless traffic to our server.
Solution:
    While we cannot 100% protect the images from inclusion, we can at least restrict the cases where the browser sends a HTTP Referer header.

RewriteCond %{HTTP_REFERER} !^$                                  
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$        -                                    [F]

RewriteCond %{HTTP_REFERER}         !^$                                  
RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
RewriteRule ^inlined-in-foo\.gif$   -                        [F]
<------------------------------------

Hope this helps you.

Robert Harlow

Re: bandwidth theft - stopping deep hotlinking - .htaccess
« Reply #2 on: August 11, 2003, 12:04:10 AM »
Not entirely sure what differences your quotes make to the situation but I will chase that link, thank you:-)

Earlier I derived some intelligence from a similar thread but one I had over-hastily discounted.... It dealt with MP3 files so I had ignored it, but later realised that conceptually this person had a similar problem (though in a slightly different direction). There was an extra line I thought I would try:
Options +FollowSymLinks
Which I inserted after the RewriteEngine On statement.

Immediately I found that my server (correctly) served my images to me. Now whether it does so similarly to my bandwidth pirate, I won't be able to tell until something comes up in the log... Tomorrow I hope to contact a friendly coder to see if he can hotlink-test for me.

Thank you anyway for your code offering:-) Will keep this thread updated.

best wishes, Robert
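
The Referer conditions from the first rule set in this thread, modelled offline as an added example (not part of any post, and not Apache itself). Python's `re` stands in for mod_rewrite's matcher, `example.com` stands in for `(mydomain)`, and the `STRICT` pattern is an assumption added here for comparison.

```python
import re

SITE = "example.com"  # constructed stand-in for the thread's "(mydomain)"

# Consecutive RewriteCond lines are ANDed; a leading "!" negates the match.
# LOOSE mirrors the two conditions of the first rule set in the post.
LOOSE = [("!", r"^$", 0),
         ("!", r"^http://.*(%s).*$" % SITE, re.I)]          # [NC]
# STRICT is a tightened variant added here (an assumption, not from the
# thread): the Referer's host must be the site or one of its subdomains.
STRICT = [("!", r"^$", 0),
          ("!", r"^https?://([a-z0-9-]+\.)*%s(:\d+)?(/|$)" % re.escape(SITE), re.I)]

IMAGE = re.compile(r"\.(gif|jpe?g)$", re.I)  # files the RewriteRule covers


def conds_hold(referer, conds):
    """True when every RewriteCond is satisfied, i.e. the rule would fire."""
    for negate, pattern, flags in conds:
        matched = re.search(pattern, referer, flags) is not None
        if matched == (negate == "!"):
            return False
    return True


def decide(path, referer, conds):
    """Return 'block' if the image request would be rewritten, else 'serve'."""
    if IMAGE.search(path) and conds_hold(referer, conds):
        return "block"
    return "serve"


# Constructed Referer values covering the cases discussed in the thread.
SAMPLES = [
    "",                                              # header absent
    "http://www.example.com/gallery/album01",        # the site's own page
    "http://other.example.net/page.html",            # page on another site
    "http://other.example.net/example.com/a.html",   # site name only in the path
]


def report(path="assets/images/summerfete0010mini.gif"):
    return [(r, decide(path, r, LOOSE), decide(path, r, STRICT)) for r in SAMPLES]


if __name__ == "__main__":
    for referer, loose, strict in report():
        print(f"{referer or '(none)':48} loose={loose:6} strict={strict}")
```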