By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,725 Members | 1,269 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,725 IT Pros & Developers. It's quick & easy.

Need Help to prevent external linking

P: n/a
I have a site on a set of Linux Servers where my site is PHP enabled and I
would like to prevent people from externally linking to content on my site
and replace it with a warning image.

I've researched the following to put in an .htaccess file on teh root of my
server, but none of the methods or changes or suggestions I've found on the
web work...
================================================== ==========
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://anothermydomain/.*$ [NC]
RewriteRule .*\.jpeg$ - [F]
RewriteRule .*\.jpg$ - [F]
RewriteRule .*\.zip$ - [F]

RewriteCond %{HTTP_REFERER} !^$
RewriteRule ^URL_of_my_warning_image.jpg$ - [F]
================================================== ==========

that is all I have in teh .htaccess file that sits at the root of my server,
but no matter what, if I type in a URL leading to content on my site
architecture, the warning image does not display - the file that was
requested is given. I want to force people to have to be at my site to be
able to view the images or download the zip files.

Please help.
Thanks.
Jul 17 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
On Fri, 23 Jul 2004 02:24:59 +0000, George Hernandez wrote:
I have a site on a set of Linux Servers where my site is PHP enabled and I
would like to prevent people from externally linking to content on my site
and replace it with a warning image.

[ snip ]
Other than this has nothing to do with PHP, the short and bitter truth
answer is, you can't =)

Regards,

Ian

--
Ian.H
digiServ Network
London, UK
http://digiserv.net/

Jul 17 '05 #2

P: n/a
"George Hernandez" <no_email@no_domain.pud> wrote in message
news:%F****************@news4.srv.hcvlny.cv.net...
I have a site on a set of Linux Servers where my site is PHP enabled and I
would like to prevent people from externally linking to content on my site
and replace it with a warning image.

I've researched the following to put in an .htaccess file on teh root of my server, but none of the methods or changes or suggestions I've found on the web work...

-snip-

You have set RewriteEngine On?

Check your server is processing .htaccess files by setting up a password
protected directory.

Jul 17 '05 #3

P: n/a
"George Hernandez" <no_email@no_domain.pud> wrote in message
news:%F****************@news4.srv.hcvlny.cv.net...
that is all I have in teh .htaccess file that sits at the root of my server, but no matter what, if I type in a URL leading to content on my site
architecture, the warning image does not display - the file that was
requested is given. I want to force people to have to be at my site to be
able to view the images or download the zip files.


It is a lot o fwork, but you could serve all images and zips from, php
scripts. so instead of using <img src="img17.gif"> you would be using
something like <img src="img.php?imgId=17"> . Now img.php would send
appropriate header, and then stream (from protected location) image byte
stream. Also when img.php could for instance check the referer field, and
stream "not allowed" image. Problem with referer is that browser does not
have to send it, so some of "leagal users" would not be able to see your
images. Another solution is to have (time limited) session ids given with
each request for image, something like <img
src="img.php?imgId=17&sessionId=098989DDAJK">. If sessionId is not valid,
no image. Or you could combine the two methods.

rush
--
http://www.templatetamer.com/
Jul 17 '05 #4

P: n/a
"CJ Llewellyn" <sa****@tmslifeline.com> wrote in message news:<cd**********@slavica.ukpost.com>...
"George Hernandez" <no_email@no_domain.pud> wrote in message
news:%F****************@news4.srv.hcvlny.cv.net...
I have a site on a set of Linux Servers where my site is PHP enabled and I
would like to prevent people from externally linking to content on my site
and replace it with a warning image.

I've researched the following to put in an .htaccess file on teh root of

my
server, but none of the methods or changes or suggestions I've found on

the
web work...

-snip-

You have set RewriteEngine On?

Check your server is processing .htaccess files by setting up a password
protected directory.


what means "externally linking into your page"? i think you mean using
your pages as part of someone elses site. if that is the case and you
are using a frameset there is a quite simple javascript solution. just
have every html doc check the frameset it's opened in by with

top.document.id

so if the id of the topmost frame is not the one of your own frameset,
you can have javascript perform some action

micha
Jul 17 '05 #5

P: n/a

"rush" <pi**@rush.avalon.hr> wrote in message
news:cd**********@ls219.htnet.hr...
"George Hernandez" <no_email@no_domain.pud> wrote in message
news:%F****************@news4.srv.hcvlny.cv.net...
that is all I have in teh .htaccess file that sits at the root of my

server,
but no matter what, if I type in a URL leading to content on my site
architecture, the warning image does not display - the file that was
requested is given. I want to force people to have to be at my site to be able to view the images or download the zip files.


It is a lot o fwork, but you could serve all images and zips from, php
scripts. so instead of using <img src="img17.gif"> you would be using
something like <img src="img.php?imgId=17"> . Now img.php would send
appropriate header, and then stream (from protected location) image byte
stream. Also when img.php could for instance check the referer field, and
stream "not allowed" image. Problem with referer is that browser does not
have to send it, so some of "leagal users" would not be able to see your
images. Another solution is to have (time limited) session ids given with
each request for image, something like <img
src="img.php?imgId=17&sessionId=098989DDAJK">. If sessionId is not valid,
no image. Or you could combine the two methods.

rush
--
http://www.templatetamer.com/


In my experience, image files served with this method are not cached by the
browser, which can be frustrating for the user.

RU
Jul 17 '05 #6

P: n/a

"rush" <pi**@rush.avalon.hr> wrote in message
news:cd**********@ls219.htnet.hr...
"George Hernandez" <no_email@no_domain.pud> wrote in message
news:%F****************@news4.srv.hcvlny.cv.net...
that is all I have in teh .htaccess file that sits at the root of my

server,
but no matter what, if I type in a URL leading to content on my site
architecture, the warning image does not display - the file that was
requested is given. I want to force people to have to be at my site to be able to view the images or download the zip files.


It is a lot o fwork, but you could serve all images and zips from, php
scripts. so instead of using <img src="img17.gif"> you would be using
something like <img src="img.php?imgId=17"> . Now img.php would send
appropriate header, and then stream (from protected location) image byte
stream. Also when img.php could for instance check the referer field, and
stream "not allowed" image. Problem with referer is that browser does not
have to send it, so some of "leagal users" would not be able to see your
images. Another solution is to have (time limited) session ids given with
each request for image, something like <img
src="img.php?imgId=17&sessionId=098989DDAJK">. If sessionId is not valid,
no image. Or you could combine the two methods.

rush
--
http://www.templatetamer.com/


Also, 'from protected location' would mean the password box popping up
everytime the user loaded the page with that img src.

RU
Jul 17 '05 #7

P: n/a
.oO(George Hernandez)
that is all I have in teh .htaccess file that sits at the root of my server,
but no matter what, if I type in a URL leading to content on my site
architecture, the warning image does not display - the file that was
requested is given.
If you directly type in an URL in the address bar there's _no_ referrer
header sent to the server, so the script can't block the access.
RewriteRule .*\.jpeg$ - [F]
RewriteRule .*\.jpg$ - [F]
Shorter: RewriteRule .*\.jpe?g - [F]
I want to force people to have to be at my site to be
able to view the images or download the zip files.


Hotlink-blockers rely on referrer information and will work in most
cases, but you can't really prevent it to 100%.

Micha
Jul 17 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.