Home > Archive > PHP Language > July 2004 > Need Help to prevent external linking
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Need Help to prevent external linking
|
|
| George Hernandez 2004-07-23, 3:55 am |
| I have a site on a set of Linux Servers where my site is PHP enabled and I
would like to prevent people from externally linking to content on my site
and replace it with a warning image.
I've researched the following to put in an .htaccess file on teh root of my
server, but none of the methods or changes or suggestions I've found on the
web work...
========================================
====================
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://anothermydomain/.*$ [NC]
RewriteRule .*\.jpeg$ - [F]
RewriteRule .*\.jpg$ - [F]
RewriteRule .*\.zip$ - [F]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule ^URL_of_my_warning_image.jpg$ - [F]
========================================
====================
that is all I have in teh .htaccess file that sits at the root of my server,
but no matter what, if I type in a URL leading to content on my site
architecture, the warning image does not display - the file that was
requested is given. I want to force people to have to be at my site to be
able to view the images or download the zip files.
Please help.
Thanks.
| |
|
| On Fri, 23 Jul 2004 02:24:59 +0000, George Hernandez wrote:
> I have a site on a set of Linux Servers where my site is PHP enabled and I
> would like to prevent people from externally linking to content on my site
> and replace it with a warning image.
[ snip ]
Other than this has nothing to do with PHP, the short and bitter truth
answer is, you can't =)
Regards,
Ian
--
Ian.H
digiServ Network
London, UK
http://digiserv.net/
| |
| CJ Llewellyn 2004-07-23, 8:56 am |
| "George Hernandez" <no_email@no_domain.pud> wrote in message
news:%F_Lc.59$q9.114753@news4.srv.hcvlny.cv.net...
> I have a site on a set of Linux Servers where my site is PHP enabled and I
> would like to prevent people from externally linking to content on my site
> and replace it with a warning image.
>
> I've researched the following to put in an .htaccess file on teh root of
my
> server, but none of the methods or changes or suggestions I've found on
the
> web work...
-snip-
You have set RewriteEngine On?
Check your server is processing .htaccess files by setting up a password
protected directory.
| |
|
| "George Hernandez" <no_email@no_domain.pud> wrote in message
news:%F_Lc.59$q9.114753@news4.srv.hcvlny.cv.net...
> that is all I have in teh .htaccess file that sits at the root of my
server,
> but no matter what, if I type in a URL leading to content on my site
> architecture, the warning image does not display - the file that was
> requested is given. I want to force people to have to be at my site to be
> able to view the images or download the zip files.
It is a lot o fwork, but you could serve all images and zips from, php
scripts. so instead of using <img src="img17.gif"> you would be using
something like <img src="img.php?imgId=17"> . Now img.php would send
appropriate header, and then stream (from protected location) image byte
stream. Also when img.php could for instance check the referer field, and
stream "not allowed" image. Problem with referer is that browser does not
have to send it, so some of "leagal users" would not be able to see your
images. Another solution is to have (time limited) session ids given with
each request for image, something like <img
src="img.php?imgId=17&sessionId=098989DDAJK">. If sessionId is not valid,
no image. Or you could combine the two methods.
rush
--
http://www.templatetamer.com/
| |
| chotiwallah 2004-07-23, 3:55 pm |
| "CJ Llewellyn" <satest@tmslifeline.com> wrote in message news:<cdqhfn$ck7$1@slavica.ukpost.com>...
> "George Hernandez" <no_email@no_domain.pud> wrote in message
> news:%F_Lc.59$q9.114753@news4.srv.hcvlny.cv.net...
> my
> the
> -snip-
>
> You have set RewriteEngine On?
>
> Check your server is processing .htaccess files by setting up a password
> protected directory.
what means "externally linking into your page"? i think you mean using
your pages as part of someone elses site. if that is the case and you
are using a frameset there is a quite simple javascript solution. just
have every html doc check the frameset it's opened in by with
top.document.id
so if the id of the topmost frame is not the one of your own frameset,
you can have javascript perform some action
micha
| |
| mitchie alexander 2004-07-25, 8:56 pm |
|
"rush" <pipa@rush.avalon.hr> wrote in message
news:cdqtd3$ac7$1@ls219.htnet.hr...
> "George Hernandez" <no_email@no_domain.pud> wrote in message
> news:%F_Lc.59$q9.114753@news4.srv.hcvlny.cv.net...
> server,
be[color=darkred]
>
> It is a lot o fwork, but you could serve all images and zips from, php
> scripts. so instead of using <img src="img17.gif"> you would be using
> something like <img src="img.php?imgId=17"> . Now img.php would send
> appropriate header, and then stream (from protected location) image byte
> stream. Also when img.php could for instance check the referer field, and
> stream "not allowed" image. Problem with referer is that browser does not
> have to send it, so some of "leagal users" would not be able to see your
> images. Another solution is to have (time limited) session ids given with
> each request for image, something like <img
> src="img.php?imgId=17&sessionId=098989DDAJK">. If sessionId is not valid,
> no image. Or you could combine the two methods.
>
> rush
> --
> http://www.templatetamer.com/
>
>
In my experience, image files served with this method are not cached by the
browser, which can be frustrating for the user.
RU
| |
|
|
"rush" <pipa@rush.avalon.hr> wrote in message
news:cdqtd3$ac7$1@ls219.htnet.hr...
> "George Hernandez" <no_email@no_domain.pud> wrote in message
> news:%F_Lc.59$q9.114753@news4.srv.hcvlny.cv.net...
> server,
be[color=darkred]
>
> It is a lot o fwork, but you could serve all images and zips from, php
> scripts. so instead of using <img src="img17.gif"> you would be using
> something like <img src="img.php?imgId=17"> . Now img.php would send
> appropriate header, and then stream (from protected location) image byte
> stream. Also when img.php could for instance check the referer field, and
> stream "not allowed" image. Problem with referer is that browser does not
> have to send it, so some of "leagal users" would not be able to see your
> images. Another solution is to have (time limited) session ids given with
> each request for image, something like <img
> src="img.php?imgId=17&sessionId=098989DDAJK">. If sessionId is not valid,
> no image. Or you could combine the two methods.
>
> rush
> --
> http://www.templatetamer.com/
>
>
Also, 'from protected location' would mean the password box popping up
everytime the user loaded the page with that img src.
RU
| |
| Michael Fesser 2004-07-26, 3:56 pm |
| .oO(George Hernandez)
>that is all I have in teh .htaccess file that sits at the root of my server,
>but no matter what, if I type in a URL leading to content on my site
>architecture, the warning image does not display - the file that was
>requested is given.
If you directly type in an URL in the address bar there's _no_ referrer
header sent to the server, so the script can't block the access.
>RewriteRule .*\.jpeg$ - [F]
>RewriteRule .*\.jpg$ - [F]
Shorter: RewriteRule .*\.jpe?g - [F]
>I want to force people to have to be at my site to be
>able to view the images or download the zip files.
Hotlink-blockers rely on referrer information and will work in most
cases, but you can't really prevent it to 100%.
Micha
|
|
|
|
|