Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: HOTLINK Defence?  (Read 7067 times)

0 Members and 1 Guest are viewing this topic.

terzo

  • Coppermine newbie
  • Country: bg
  • Offline Offline
  • Gender: Male
  • Posts: 15
HOTLINK Defence?
« on: June 20, 2013, 06:12:52 pm »

Hello first of all I want to appologize if there are the same topic as this one. I used serch form but I don't find anything like that I am looking for so I decide to make a new topic. Whatever...

How may you already know before a couple of months Google changed the way that they show results from Image searching. I make some modification over .htaccess which makes a reddirect to home page (index.php). Is there any possibility that redirect to be not to homepage but to page where is located middlesized thumbnail. For example:

If someone tries to open this image file: http://coppermine-gallery.net/demo/cpg15x/albums/userpics/10001/normal_papillon_bleu2_25k.jpg to be reddirected to http://coppermine-gallery.net/demo/cpg15x/displayimage.php?pid=4

There are a similar plugin in Wordpress named ByREV WP-PICShield - HOTLINK Defence and it works perfect. I am looking for plugin or some edits which gives the same effect.

Thank you!

Regards,
Miroslav Terziev
Logged

Niecher

  • LocalSupporter
  • Coppermine frequent poster
  • ***
  • Country: es
  • Offline Offline
  • Gender: Male
  • Posts: 191
Re: HOTLINK Defence?
« Reply #1 on: June 21, 2013, 02:25:05 am »

If Wordpress has the best plugin to protect against hotlinking, Coppermine Gallery should have something to protect the full-size images in addition to documents, music and videos.

In the example you mentioned, to capture the query_string and return to the page with the intermediate image is difficult.

Here's an htaccess file, only for coppermine gallery, as follows:

Code: [Select]
<Files ".htaccess">
Order Allow,Deny
Deny from All
</Files>

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} -f

RewriteCond %{REQUEST_FILENAME} \.([Bb][Mm][Pp]|[Jj][Pp][Ee]?[Gg]|[Gg][Ii][Ff]|[Pp][Nn][Gg])$ [NC]

<FilesMatch "^(normal_(.*)|thumb_(.*)).([Bb][Mm][Pp]|[Jj][Pp][Ee]?[Gg]|[Gg][Ii][Ff]|[Pp][Nn][Gg])$">
RewriteCond %{HTTP_REFERER} !^$
</FilesMatch>

RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?example.com [NC]

RewriteCond %{REQUEST_URI} !^/example\.jpg$ [NC]

RewriteRule \.([Bb][Mm][Pp]|[Jj][Pp][Ee]?[Gg]|[Gg][Ii][Ff]|[Pp][Nn][Gg])$ http://example.com/example.jpg [R,NC,L]

RewriteCond %{REQUEST_FILENAME} -f

RewriteCond %{REQUEST_FILENAME} \.(7z|aac|arj|as(f|x)|avi|bz2|divx|docx?|f4(a|v)|flv|gtar|gz|lzh|m4(a|v)|midi?|mkv|mov(ie)|mp(2|3|4|e?g)|og(g|m)|pdf|qt|ra(m|r)|sw(c|f)|tar|tgz|wm(a|v)|zip)$ [NC]

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?example.com [NC]

RewriteRule \.(7z|aac|arj|as(f|x)|avi|bz2|divx|docx?|f4(a|v)|flv|gtar|gz|lzh|m4(a|v)|midi?|mkv|mov(ie)|mp(2|3|4|e?g)|og(g|m)|pdf|qt|ra(m|r)|sw(c|f)|tar|tgz|wm(a|v)|zip)$ http://example.com/example.jpg [R,NC,L]



On the other hand, you can see that the intermediate images and thumbnails are not protected. This is necessary for google indexing these images and also allow sending images intermediate or thumbnails to your own forum or blog, facebook, google+, etc.

Documents, music and videos must allow blank referrer. You can add or remove file extensions as needed.

Note: To be used in the root folder. Do not forget to replace example.com with your domain and example.jpg your image to redirect.
This file should not give errors but if it happens just delete it.

Best Regards.

--Edit--
Added extensions case sensitive
« Last Edit: October 08, 2013, 07:29:57 pm by Niecher »
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4704
    • Windsurf.me
Re: HOTLINK Defence?
« Reply #2 on: June 21, 2013, 08:37:14 am »

You can restrict access to the fullsize images using this plugin here - http://forum.coppermine-gallery.net/index.php/topic,74870.0.html
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Niecher

  • LocalSupporter
  • Coppermine frequent poster
  • ***
  • Country: es
  • Offline Offline
  • Gender: Male
  • Posts: 191
Re: HOTLINK Defence?
« Reply #3 on: June 21, 2013, 10:30:40 am »

Thank you very much Phill.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15761
Re: HOTLINK Defence?
« Reply #4 on: August 20, 2013, 05:12:08 pm »

It should be possible to redirect to the corresponding intermediate-sized page. Instead of redirecting the user to the home page you should him redirect to a script that checks the visited file path against the database and redirect accordingly. I'm currently not sure if the script can access the visited path, as I never tested that before.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15761
Re: HOTLINK Defence?
« Reply #5 on: October 07, 2013, 04:22:39 pm »

Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 21 queries.