kaseytraeger Posted April 30, 2004 Posted April 30, 2004 Last night, TCH-Lisa and I discovered a problem with the .htaccess file located in my public_html directory. The problem was that if I tried to access an image using a URL, I was redirected to my main index.php page instead of being able to see the image. For example, if you were to type htt*://www.blog.pudgypuppy.com/i/reddog.gif into your web browser's address bar, you would expect to see the picture that I've called "reddog.gif" show up in your browser, right? (As long as I didn't have any redirection turned on that would automatically redirect you to some other page.) Well, I don't have redirection turned on (or at least, I don't think I do ... I've never changed anything like that). The problem we noted was that when we actually tried to view the picture in our web browsers, we were both being redirected to the page located at htt*://www.pudgypuppy.com/index.php. Once we performed a 90% lobotomy on my .htaccess file, we were able to view the picture in the web browser as we would expect to. Here's a comparison of the two .htaccess files. ORIGINAL FILE (THE ONE THAT INCORRECTLY REDIRECTED US) ># -FrontPage- IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* <Limit GET POST> order deny,allow deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> AuthName www.pudgypuppy.com AuthUserFile /home/pudgy/public_html/_vti_pvt/service.pwd AuthGroupFile /home/pudgy/public_html/_vti_pvt/service.grp RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://blog.pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://blog.pudgypuppy.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://kaseyscreations.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://kaseyscreations.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://moocowenterprises.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://moocowenterprises.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://pudgypuppy.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blog.pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blog.pudgypuppy.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.kaseyscreations.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.kaseyscreations.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.moocowenterprises.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.moocowenterprises.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.pudgypuppy.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://www.pudgypuppy.com [R,NC] NEWLY LOBOTOMIZED FILE (WORKS PROPERLY AND SHOWS THE GRAPHIC IN WEB BROWSER WINDOW) >AuthName www.pudgypuppy.com AuthUserFile /home/pudgy/public_html/_vti_pvt/service.pwd AuthGroupFile /home/pudgy/public_html/_vti_pvt/service.grp Options All -Indexes We basically removed the FrontPage stuff at the front, the <Limit> sections, and all of the Rewrite stuff. Since I don't know how to write a .htaccess file, this stuff must have been inserted when I used the tools in cPanel to disallow hotlinking by all domains except pudgypuppy.com, moocowenterprises.com and kaseyscreations.com. I remember setting this up because I didn't want people hotlinking to my graphics and images. I'm currently using the shorter .htaccess file, so f you try to view the image in your browser now (htt*://www.blog.pudgypuppy.com/i/reddog.gif). You will be able to see the image without any problems. But I'd still like to disallow hotlinking. TCH-Lisa tells me that my file looks almost identical to hers (only the domain names are different). We can't figure out why her .htaccess file works but mine does not. She has graciously posted the Rewrite lines of code on her website as htt*://www.lisa-jill.com/htaccess.txt for easy reference and comparison. Will someone please review my .htaccess file and tell me how I can fix it to disallow hotlinking but still work properly? Thanks! Quote
DarqFlare Posted April 30, 2004 Posted April 30, 2004 Just add the following to your rewrite rules to allow for direct image access: >RewriteCond %{HTTP_REFERER} !^$ [NC] Quote
LisaJill Posted April 30, 2004 Posted April 30, 2004 Mm, but that doesn't explain why the root absolute url's work in her css when the rewrite rules are not present but do not the second they're added in. The css file wouldn't be a blank referral hit I don't think? Still, I wonder if that'll fix it... Quote
MikeJ Posted April 30, 2004 Posted April 30, 2004 (edited) Or easier yet, just select "Allow direct requests" when you enable hotlink protection through cPanel. Anything referenced in a CSS should, I believe, still have a referrer to it (as long as the browser is sending referrer info). In general though, it's a good idea to allow direct requests as some browsers and proxies won't send referrer information. Edited April 30, 2004 by TCH-MikeJ Quote
kaseytraeger Posted April 30, 2004 Author Posted April 30, 2004 Just add the following to your rewrite rules to allow for direct image access: >RewriteCond %{HTTP_REFERER} !^$ [NC] Does this line allow anyone to have direct image access? I would think that if direct image access is allowed, then people could hotlink my images, which I certainly don't want. Also, when you say to add it, do I add it to the original .htaccess file or the shorter, new .htaccess file? Quote
kaseytraeger Posted April 30, 2004 Author Posted April 30, 2004 (edited) Or easier yet, just select "Allow direct requests" when you enable hotlink protection through cPanel. Anything referenced in a CSS should, I believe, still have a referrer to it (as long as the browser is sending referrer info). In general though, it's a good idea to allow direct requests as some browsers and proxies won't send referrer information. Mike, Do I need to use a forwarding url? My cPanel says hotlink protection is disabled. I presume that's because I've removed the Rewrite rules from the .htaccess file and cPanel sees that there's nothing there. However, just above the box for allowing direct access is a line for URL redirection. Do I need to leave this blank so that other computers can access the graphics? I wonder if I would encounter the same problem of being redirected to an index page when typing www.domain.com/graphic.gif if I entered a URL for redirection. Edited April 30, 2004 by kaseytraeger Quote
MikeJ Posted April 30, 2004 Posted April 30, 2004 Redirect hotlink and allow direct requests are unrelated items. If you don't input a redirect, the user will get get a forbidden error (or a broken image if it's inline to a page) if the referrer is from a non-allowed site. Whether you redirect or not won't affect the ability to request the image directly... only what happens in the event it fails. Quote
kaseytraeger Posted April 30, 2004 Author Posted April 30, 2004 Well, I did what you suggested, Mike, and it seems to have worked. The CSS style sheet for my blog is still able to grab an image using just the root absolute URL, which it was not able to do last night until we chopped up the .htaccess file fairly significantly. Also, there is no redirection to my main index.php page going on if you try to look at the picture by typing the picture's URL into a browser address bar. Here's the new .htaccess code as it was modified by cPanel. What's the difference between this and the original .htaccess code that gave me problems? ># <Limit GET POST> # order deny,allow # deny from all # allow from all # </Limit> # <Limit PUT DELETE> # order deny,allow # deny from all # </Limit> AuthName www.pudgypuppy.com AuthUserFile /home/pudgy/public_html/_vti_pvt/service.pwd AuthGroupFile /home/pudgy/public_html/_vti_pvt/service.grp Options All -Indexes RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://blog.pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://blog.pudgypuppy.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://kaseyscreations.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://kaseyscreations.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://moocowenterprises.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://moocowenterprises.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://pudgypuppy.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blog.pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blog.pudgypuppy.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.kaseyscreations.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.kaseyscreations.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.moocowenterprises.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.moocowenterprises.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.pudgypuppy.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.pudgypuppy.com$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] Quote
MikeJ Posted May 1, 2004 Posted May 1, 2004 (edited) The same thing that Robert mentioned: RewriteCond %{HTTP_REFERER} !^$ That line basically means "On condition Referer is not <blank>", since ^ = beginning of string, and $ = end of string with nothing inbetween when speaking in regular expressions. ! is your NOT statement. Edited May 1, 2004 by TCH-MikeJ Quote
kaseytraeger Posted May 1, 2004 Author Posted May 1, 2004 Ah, yes. Now I see it. Thank you, Mike! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.