Print

[Heiko_Heider]

Hallo,

I'm seriously struggling with the .htaccess-thing preventing users who are not logged in in Coppermine from accessing JPG-files directly via URL.
(http://www.heiko-heider.de/php/coppermine/albums/2004_05_Strassburg/DSC06267.jpg)

My Coppermine Gallery is in the following directory:
http://www.heiko-heider.de/php/coppermine/

but can also be accessed with these 2 sub-domains:
http://pics.heiko-heider.de
http://bilder.heiko-heider.de
which point to the server directory above.

I read all the threads in this forum regarding this and tried creating an .htaccess file with the following entries:

Code: [Select]

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.heiko-heider.de//.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.heiko-heider.de$      [NC]
RewriteCond %{HTTP_REFERER} !^http://heiko-heider.de/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://heiko-heider.de$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp.*.*jpg|jpeg|gif|png|bmp)$ http://www.heiko-heider.de [R,NC]
Although this prevents me from accessing jpgs via URL, broken links appear in Coppermine, too.

I hopy someone can help me out on this, as I'm not that familiar with .htaccess files.
Thanks in advance,

Heiko

[xplicit]

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$|.*jpeg$|.*bmp$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !heiko-heider\.de [NC]

Should be enough for preventing hotlinking, but if you want to exclude your own directorys and still want to enable coppermine accessing them its a difficault thing. It's doable but well nobody I know had workt this out

http://forum.coppermine-gallery.net/index.php?topic=15178.0

[Heiko_Heider]

Thanks for the fast reply.
Unfortunately, the code didn't work, either. -> CP can't access the pictures itself.

I just mailed my hosting-support, they told me thad "mod-rewrite" is not available.
So I'm thinking whether preventing direct URL-file-access with .htaccess is possible at all?

Does anybody know if it's worth to keep trying or that it's just impossible on my host?

Thanks,

Heiko

[Nibbler]

Well it means you can't use this method. There may be an alternative, see if they can suggest anything.

[Heiko_Heider]

Hmm, so it seems my provider sucks!
Well, it's a no-frills-provider, charging for every extra, for example disabling safe-mode will cost 29€.

I have, however, a folder-structure not within the public-html-folder.
Is there any chance that Coppermine gets the files from this folder? Gallery2 is able to do this, I think, but I can't use that due to the safe-mode restriction :-(

Or does anyone else here know a way preventing url-file-access without the need for .htaccess?

What I don't understand, however:
although mod-rewrite seems to be diabled by my host, putting the above code in an .htaccess-file blocks direct URL access to jpg-files.
So at least the blocking seems to work.
Maybe theres a way to give coppermine access anyway???

Thanks,

Heiko

[artistsinhawaii]

Heiko,

The real question is why?  If a person can view your pictures they already have a copy of it on their computer. They can also download any picture they are viewing no matter what kind of blocks you put up. 

Blocking hot-linking is usually what most users require.

However, if you can identify who the abusers are, you can use htaccess to block these users by IP or referrer ID.  see:  http://www.javascriptkit.com/howto/htaccess.shtml

Dennis

[Heiko_Heider]

@madeinhawaii:

No, no. That's not what I meant.
You see: I have albums that only certain usergroups can view through logging in to coppermine. My friends of course can do whatever they want with the pictures. I just want to prevent external surfers (who have to much free-time <g>) from getting my pictures by entering the URLS of filenames, thus bypassing coppermines password protection.

[artistsinhawaii]

Heiko,

Did you try this:  http://forum.coppermine-gallery.net/index.php?topic=3069.0

Dennis