htaccess block domains from hotlinking images - .htaccess

I blocked some sites in the file but they keep comming on my server and asking for images that slow down my server how i can add a rule for them so they will see big red sign STOP HOTLINKING
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^http://(www\.)?somesite\.pl [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?somesite\.pl [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?somesite\.pl [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?sklep.somesite\.eu [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]

Mate try the below ,
Following code will only allow the mentioned domain "alloweddomain.com" and block others from hot linking
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?alloweddomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
The above code will allow "Blank Referrers"
What is Blank Referrers ?
Some visitors uses a personal firewall or antivirus program, that deletes the page referrer information sent by the web browser. Hotlink protection is based on this information. So if you choose not to allow blank referrers, you will block these users. You will also prevent people from directly accessing an image by typing in the URL in their browser.
Suppose if you don't want to allow "Blank Referrers" then use the following code mate
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?alloweddomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Also if suppose you want to display a image like "STOP HOTLINKING" then use the below method
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?alloweddomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ mydomain.com/img/stop_hotlink.jpg [NC,R,L]
Above code will allow "Blank referrers" . To not allow, follow as mentioned in previous step again.
Note that :
In case of displaying image for "STOP HOTLINK" make sure the image is not hotlink protected or your server can go into an endless loop.
alloweddomain.com - The domain that you want to allow for hotlink
mydomain.com/img/stop_hotlink.jpg - URL for the "STOP HOTLINK" image
Update : [ Block Specific Domains ]
To stop hotlinking from specific outside domains only, such as blockurl1.com, blockurl2.com and blockurl3.com, but allow any other web site to hotlink images:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blockurl1\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blockurl2\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blockurl3\.com/ [NC]
RewriteCond %{REQUEST_URI} !blocked\.gif$ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://example.com/blocked.gif [L]
You can add as many different domains as needed. Each RewriteCond line should end with the [NC,OR] code. NC means to ignore upper and lower case. OR means "Or Next", as in, match this domain or the next line that follows. The last domain listed omits the OR code since you want to stop matching domains after the last RewriteCond line.
The last line contains the URL "http://example.com/blocked.gif" which contains the image that will be displayed when the condition occurs.
You can display a 403 Forbidden error code instead of an image. Replace the last line of the previous examples with this line:
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
Hope this helped you mate!

Related

Writing an .htaccess file properly

I have the following code in my .htaccess file; it was given to me in an attempt to redirect users from one website to another, but while masking the URL such that the original domain was kept:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^Shmoo.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www\.Shmoo\.com$ [NC]
RewriteRule ^(.*)$ https://wubbins.com/humnewum/$1 [R=301,L]
RewriteCond %{HTTPS_HOST} ^Shmoo.com$ [NC,OR]
RewriteCond %{HTTPS_HOST} ^www\.Shmoo\.com$ [NC]
RewriteRule ^(.*)$ https://wubbins.com/humnewum/$1 [R=301,L]
I cannot use the generic Web forwarding, redirect, or Alias tools on one.com as these seem to use iFrames and therefore the destination site does not present properly on mobile devices.
This code seems to work, for the most part (as in no iFrame) but the URL is not masked, it is displayed as the destination 'www.wubbins.com/humnewum' not the origin 'www.Shmoo.com'
Complete noob so any help greatly appreciated.

Prevent direct access to mp4 (IE/Edge ignoring HTTP_REFERER)

I would like to show videos (mp4) on my website but want to prevent direct access (example.com/videos/vide1.mp4). I managed to add restriction to .htaccess which I placed to video folder:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com.*$ [NC]
RewriteRule .*\.(gif|png|mp4)$ https://www.example.com/ [L]
This worked on Firefox/Chrome/... but on IE or Edge I get error "Invalid Source" and video is not shown on website. Looks like IE/Edge ignores or uses different HTTP_REFERER? Is there any solution for this problem?
There is a lot of tools or browsers or 'anonymizers' that might block the referer.
Which browsers/plugins block HttpReferer from being sent?
You can use:
RewriteEngine on
# This line is the equivalent of your 4 lines
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
RewriteRule \.(gif|png|mp4)$ - [F,L]

Unable to block all subdomains of spammy urls

My site is getting spammed by lots of different blogspot urls (such as http://somespammyurl.blogspot.com.br), but I can't figure out how to block them, I tried:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.co.id.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.bg.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.ru.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.blogspot.com.br.*$ [NC]
RewriteRule .* - [F]
but in my raw logs I still see spammy urls with http/1.0/ 200, which I'm assuming means they are getting through, because if I specify the exact whole url of one of the spamming urls in the htaccess, the raw log line says http/1.0" 500 for that url. Can anyone shed some light why those lines aren't blocking all *.blogspot.co.id for example?
Is there a way to simply block all:
.blogspot.
because I'm getting blogspot.pt, blogspot.eu and all sorts.
To block all .*blogspot referers, you can use :
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?.+blogspot [NC]
RewriteRule ^ - [F,L]
Your existing rules dont match the referer string http://www.blogspot because of the extra dot infront of .blogspot in your cond pattern.

Deny referrals from all domains except one

Is it possible to accept traffic from only one domain, ideally using a .htaccess file?
I want my site to only be accessible via a link on another site I have.
I know how to block one referring domain, but not all domains
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} otherdomain\.com [NC]
RewriteRule .* - [F]
this is my full rewrite code:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !domain\.co.uk [NC]
RewriteRule .? - [F]
# The Friendly URLs part
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
I think it is working, but none of the assets are getting loaded and I get a 500 error when I click on another link.
Make that something like:
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !yourdomain\.com [NC]
RewriteCond %{HTTP_REFERER} !alloweddomain\.com [NC]
RewriteRule .? - [F]
The first RewriteCond checks that the referrer is not empty. The second checks that it doesn't contain the string yourdomain.com, and the third that it doesn't contain the string alloweddomain.com. If all of these checks pass, the RewriteRule triggers and denies the request.
(Allowing empty referrers is generally a good idea, since browsers can generate them for various reasons, such as when:
the user has bookmarked the link,
the user entered the link manually into the address bar,
the user reloaded the page,
the browser is configured not to send cross-site referrer infromation, or
a proxy between your site and the browser strips away the referrer information.)

Prevent spiders from following is matches URL

How do I prevent spriders crawling pages that start with mydomain.com/abc...
For example mydomain.com/abcSGGSHS or mydomain.com/abc6bNNha
I think I need to add some sort of regular expression to the web root's .htaccess, right?
With mod_rewrite enabled, you can do the following
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^YourBadSpiderName [OR]
RewriteCond %{HTTP_USER_AGENT} ^AotherBadSpider
RewriteCond %{REQUEST_URI} ^abc
RewriteRule ^$ http://mydomain.com/404.html [NC,L]
You'll have to update the spider names accordingly. If a bot changes his user agent, let's say to 'Mozilla/Firefox', you're out of luck..

Resources