Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: How to stop directlinking  (Read 6037 times)

0 Members and 1 Guest are viewing this topic.

Fudgemaster

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 45
    • Trackdays, Car shows, Nature and some misc photos
How to stop directlinking
« on: November 12, 2005, 03:30:03 pm »

Hiya..

My coppermine gallery is at http://www.partanen.net/gallery

The pictures are possible to view with a direct link to the file ie.
http://www.partanen.net/gallery/albums/muita_tapahtumia/dynamiitti_com_2005/07_01/IMG04025.jpg

or by browsing the directories
http://www.partanen.net/gallery/albums/muita_tapahtumia/dynamiitti_com_2005/07_01

Is there a way to disallow this so you would be directed/forced to the gallery, and the images would be accessible only through the gallery itself  ?
« Last Edit: November 14, 2005, 08:07:07 pm by GauGau »
Logged
--
It's an insane world.. But I'm proud to be a part of it.

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: How to stop directlinking
« Reply #1 on: November 12, 2005, 04:14:39 pm »

here's a htaccess file for you
Code: [Select]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?partanen.net [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

it doesn't show the images when another site calls them (hotlinking) but allows the request if you just copy/ paste the pic URL into your browser. If you don't like that behavior then delete RewriteCond %{HTTP_REFERER} !^$ (not recommended cause you'll block a lot of software firewall users form your site)

Fudgemaster

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 45
    • Trackdays, Car shows, Nature and some misc photos
Re: How to stop directlinking
« Reply #2 on: November 12, 2005, 11:48:55 pm »

Okay. Thank You.

I'll test this for some directories and see how the users react and report about it.
Logged
--
It's an insane world.. But I'm proud to be a part of it.

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 6006
    • Bettis Wollwelt
Re: How to stop directlinking
« Reply #3 on: November 13, 2005, 09:13:13 am »

if you place it in the albums directory it's protecting all subfolders too?

Fudgemaster

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 45
    • Trackdays, Car shows, Nature and some misc photos
Re: How to stop directlinking
« Reply #4 on: November 14, 2005, 11:40:31 am »

if you place it in the albums directory it's protecting all subfolders too?

Yes. I have put the .htaccess file to the albums directory and it "protects" all itäs sub directories, oh so nice  :)
I also made a index.htm to every directory under albums (not edit directory) that redirect to the mainpage, gotta smoothen it up a notch, when I get the inspiration  ::)

And now, just to make a custom error message for the "403 - forbidden" .

Thanks for the help  8)

EDIT:
Oh yeah, I used the one with out the
RewriteCond %{HTTP_REFERER} !^$
line in it.

 - Sami Partanen .
Logged
--
It's an insane world.. But I'm proud to be a part of it.

xplicit

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 214
Re: How to stop directlinking
« Reply #5 on: November 14, 2005, 08:06:29 pm »

If for some reason you want to allow some sites to still access the images you can use the rule below:

I use this for google to allow it to show pictures with theire image finder

RewriteCond %{HTTP_REFERER} !google\. [NC]

the \. indicates that it may be every extention (.com, .nl, .de. etc etc)
Logged
Don't ask me: Can you do this .... or Give me that...or I need Quick help in PM's. I'm not Santaclaus so post your questions on the board so it will be in the benefit for everyone.

Fudgemaster

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 45
    • Trackdays, Car shows, Nature and some misc photos
Re: How to stop directlinking
« Reply #6 on: July 19, 2006, 06:48:27 am »

Sorry to bump up such an old topic but I'd like to tell my feelings about using these methods after havig them in use for some time..

here's a htaccess file for you
Code: [Select]
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?partanen.net [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

it doesn't show the images when another site calls them (hotlinking) but allows the request if you just copy/ paste the pic URL into your browser. If you don't like that behavior then delete RewriteCond %{HTTP_REFERER} !^$ (not recommended cause you'll block a lot of software firewall users form your site)

I used that in my .htaccess and listened to what people have to say about it.

The results were that most of firefox users had problems viewing the images (none show up) and myself had problems with Opera and IE not showing up all the pics and the proper links to files in the gallery would show a 403 error I customized for hotlinkers.
Even hitting refresh several times did not allways show all the images in the albums thumbnail/filmstrip view.

Even playing around the users firewalls did not allways have any affect. Maybe everyone configs theis kewl FF browsers to kill all the referrer info or something.

Thus removed that referrer thingamajigger from the .htaccess I used.
And no I'll just munch my carpets whilst being BW raped by people who link the pictures, not the gallery links.
Oh well, You don't allways get all you want, and sometimes You get somethings You don't want... :)

EDIT:
Forgot to say that the method Stramm gave me was fully functional with some side effects and I still take this case as solved.
Logged
--
It's an insane world.. But I'm proud to be a part of it.

Nibbler

  • Guest
Re: How to stop directlinking
« Reply #7 on: July 19, 2006, 01:31:25 pm »

Code: [Select]
RewriteCond %{HTTP_REFERER} !^$
That line allows blank referrers.
Logged
Pages: [1]   Go Up
 

Page created in 0.02 seconds with 19 queries.