Prevent direct access to mp4 (IE/Edge ignoring HTTP_REFERER) - .htaccess

I would like to show videos (mp4) on my website but want to prevent direct access (example.com/videos/vide1.mp4). I managed to add restriction to .htaccess which I placed to video folder:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com.*$ [NC]
RewriteRule .*\.(gif|png|mp4)$ https://www.example.com/ [L]
This worked on Firefox/Chrome/... but on IE or Edge I get error "Invalid Source" and video is not shown on website. Looks like IE/Edge ignores or uses different HTTP_REFERER? Is there any solution for this problem?

There is a lot of tools or browsers or 'anonymizers' that might block the referer.
Which browsers/plugins block HttpReferer from being sent?
You can use:
RewriteEngine on
# This line is the equivalent of your 4 lines
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
RewriteRule \.(gif|png|mp4)$ - [F,L]

Related

htaccess block domains from hotlinking images

I blocked some sites in the file but they keep comming on my server and asking for images that slow down my server how i can add a rule for them so they will see big red sign STOP HOTLINKING
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^http://(www\.)?somesite\.pl [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?somesite\.pl [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?somesite\.pl [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?sklep.somesite\.eu [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Mate try the below ,
Following code will only allow the mentioned domain "alloweddomain.com" and block others from hot linking
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?alloweddomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
The above code will allow "Blank Referrers"
What is Blank Referrers ?
Some visitors uses a personal firewall or antivirus program, that deletes the page referrer information sent by the web browser. Hotlink protection is based on this information. So if you choose not to allow blank referrers, you will block these users. You will also prevent people from directly accessing an image by typing in the URL in their browser.
Suppose if you don't want to allow "Blank Referrers" then use the following code mate
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?alloweddomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Also if suppose you want to display a image like "STOP HOTLINKING" then use the below method
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?alloweddomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ mydomain.com/img/stop_hotlink.jpg [NC,R,L]
Above code will allow "Blank referrers" . To not allow, follow as mentioned in previous step again.
Note that :
In case of displaying image for "STOP HOTLINK" make sure the image is not hotlink protected or your server can go into an endless loop.
alloweddomain.com - The domain that you want to allow for hotlink
mydomain.com/img/stop_hotlink.jpg - URL for the "STOP HOTLINK" image
Update : [ Block Specific Domains ]
To stop hotlinking from specific outside domains only, such as blockurl1.com, blockurl2.com and blockurl3.com, but allow any other web site to hotlink images:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blockurl1\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blockurl2\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blockurl3\.com/ [NC]
RewriteCond %{REQUEST_URI} !blocked\.gif$ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://example.com/blocked.gif [L]
You can add as many different domains as needed. Each RewriteCond line should end with the [NC,OR] code. NC means to ignore upper and lower case. OR means "Or Next", as in, match this domain or the next line that follows. The last domain listed omits the OR code since you want to stop matching domains after the last RewriteCond line.
The last line contains the URL "http://example.com/blocked.gif" which contains the image that will be displayed when the condition occurs.
You can display a 403 Forbidden error code instead of an image. Replace the last line of the previous examples with this line:
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
Hope this helped you mate!

Unable to block all subdomains of spammy urls

My site is getting spammed by lots of different blogspot urls (such as http://somespammyurl.blogspot.com.br), but I can't figure out how to block them, I tried:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.co.id.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.bg.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.ru.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.com.br.*$ [NC]
RewriteRule .* - [F]
but in my raw logs I still see spammy urls with http/1.0/ 200, which I'm assuming means they are getting through, because if I specify the exact whole url of one of the spamming urls in the htaccess, the raw log line says http/1.0" 500 for that url. Can anyone shed some light why those lines aren't blocking all *.blogspot.co.id for example?
Is there a way to simply block all:
.blogspot.
because I'm getting blogspot.pt, blogspot.eu and all sorts.
To block all .*blogspot referers, you can use :
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?.+blogspot [NC]
RewriteRule ^ - [F,L]
Your existing rules dont match the referer string http://www.blogspot because of the extra dot infront of .blogspot in your cond pattern.

Is it possible to make images in a folder non browsable in site directory using .htaccess?

So is it possible to make images in a folder non browsable even if a person has a direct link to an image? and make the page 404 or something if they try to view it ? (yet still display the image in a html page).
using .htaccess IF its even possible or something other way.
You can do that with this .htaccess in your images folder:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.your_domain_name\.com/ [NC]
RewriteRule ^ - [F]
Or for global site:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.your_domain_name\.com/ [NC]
RewriteRule \.(?:gif|png|jpg|jpeg)$ - [NC,F]
But you have to add files extensions

.htaccess allow if url contains a word

I want to allow access to specific domains. For example if domain contains the word asdf it should allow access. I final attempt before asking was:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^.*asdf.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^.*1234.*$
#RewriteRule .* - [F]
So here I tried to restrict access to all but domains that contain asdf or 1234.
You need to use %{HTTP_HOST} for checking the domain in URL instead of %{HTTP_REFERER}.
Can you try this code:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^.*(asdf|1234)\. [NC]
RewriteRule .* - [F]
Anubhava gave me a clue but not with the http_host. Finally the problem was the OR.
Now the following worked like a charm:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^.*(1234|asdf).* [NC]
RewriteRule .* - [F]
So HTTP_REFERER did what it should do (check the domain accessing). And the | worked as the or argument I needed.

Redirecting Hotlinked images with Low Resolution versions

i am working on website of a Digital Gadgets Manufacturer.
Product images are hotlinked from hundreds of blogs & forums. which is causing bandwidth issues.
we want to replace all hotlinked images with their low resolution versions, using
.htaccess
means if the hotlinked image path is
http://www.example.com/products/gadget123/gadget123.png
we want to redirect it to
http://www.example.com/images/low-res/gadget123.png
hotlinked image paths are different, means they may be from sub-directory of any directory.
for example
/images/products/abc/gadget_abc200.jpg
/products/images/abc/gadgetabc5155_packing.png
/downloads/brochures/abc2012/abc2012_user_guide.jpg
etc...
but all low resolution images will be in
http://www.example.com/images/low-res/
directory, and their names will be same as their high resolution versions.
Try to addopt this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^(.*?)example\.com(/.*)?$ [NC]
RewriteRule ^images/products/.+/(.+).png$ images/low-res/$1.png [L]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^(.*?)example\.com(/.*)?$ [NC]
RewriteRule ^images/products/.+/(.+).png$ images/low-res/$1.png [L]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^(.*?)example\.com(/.*)?$ [NC]
RewriteRule ^downloads/brochures/.+/(.+).jpg$ images/low-res/$1.jpg [L]
This rules looking for if the request comes from your site or directly from a third party.
And rewrites then the request.

Resources