Aussie Bloggers Forum
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
November 20, 2008, 03:41:32 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
New!
Live Chat Available 24/7
.
Join us at 7:30pm Sundays for a weekly chat session.
Visit the Aussie Bloggers Blog
Search:
Advanced search
40129
Posts in
3136
Topics by
1062
Members Latest Member:
-
SFF
Most online today:
16
- most online ever:
275
(December 30, 2007, 10:48:05 PM)
Forum Rules
Forum Rules
Recent Posts
Your Best Ever Blog Post
by
therinofandor
[
Today
at 12:47:14 AM]
A big hello and thankyou
by
squadron
[November 19, 2008, 11:20:44 PM]
Hello from Before Our Tim...
by
wchingya
[November 19, 2008, 11:19:03 PM]
Your Know You Have a Blog...
by
squadron
[November 19, 2008, 11:14:08 PM]
Wordpress 2.7 - due Novem...
by
Anonymum
[November 19, 2008, 10:38:30 PM]
Home phone? What's that?
by
wchingya
[November 19, 2008, 10:37:22 PM]
Books
by
squadron
[November 19, 2008, 10:31:00 PM]
Any plans in December?
by
wchingya
[November 19, 2008, 10:30:51 PM]
ShoutBox
Last 8 Shouts:
leechbabe
November 18, 2008, 07:25:42 AM
Gemisht, I made the mistake of feeding my children dinner. More dishes! Aurrrrrrrrrrgh.
Brittany, have fun at Curves
Brittany Kingston
November 18, 2008, 06:30:10 AM
Getting ready to go to Curves for my daily dose of exercise.
Gemisht
November 17, 2008, 04:55:33 PM
Leechbabe - the eternal quest to keep all the dishes clean. Good luck with it
leechbabe
November 17, 2008, 04:10:07 PM
Folding washing Woo!
Just finished washing all the dishes that have been piling up since Thursday.
Then I made lunch and more dirty dishes D'oh!
Must stop eating and cooking and making more dirty dishes.
Brittany Kingston
November 17, 2008, 07:15:01 AM
Off to Tai Chi now. Catch you later.
Brittany Kingston
November 17, 2008, 06:39:37 AM
Hi all. I'm new here and already excited about getting started.
Gemisht
November 15, 2008, 10:46:40 PM
G'night All
Gemisht
November 13, 2008, 05:50:26 PM
Yeah 9.15
Show last 50
Themes
Helios_Multi TP
oxygen11final
Stats
Members
Total Members: 1062
Latest:
SFF
Stats
Total Posts: 40129
Total Topics: 3136
Online Today: 16
Online Ever: 275
(December 30, 2007, 10:48:05 PM)
Users Online
Users: 1
Guests: 14
Total: 15
Sueblimely
Visit the Aussie Bloggers Blog
Aussie Bloggers Forum
Forum
Technical Assistance & Blogging Discussion
Blogging In General
Preventing people viewing images directly
Pages: [
1
]
« previous
next »
Author
Topic: Preventing people viewing images directly (Read 1039 times)
swollenpickles
Top Sort
Posts: 459
I'm special.
Preventing people viewing images directly
«
on:
February 20, 2008, 05:47:39 PM »
I'm using wordpress and I'm wondering how I can stop people accessing my uploads folder (and its contents) directly. I was looking at my analytics and noticed a large number of people viewing an image in my uploads folder directly (must have got stumbled). How can I block that and/or redirect people requesting files from my uploads folder to my homepage?
eg. Currently people can view images directly by typing in a url like this:
http://www.url.com/uploads/08/image.jpg
When anyone does that, I want them to be redirected to
http://www.url.com
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
amyjoanna
Havin' A Squiz
Posts: 34
Re: Preventing people viewing images directly
«
Reply #1 on:
February 20, 2008, 07:17:34 PM »
I have the same problem too - for some reason people keep googling for a certain nineteenth century painting of Queen Elizabeth I and an image I've used previously is the number one search result in google images.
As far as stopping the initial problem of people linking to and visiting your image rather than your website, I have no idea - I'd be interested to see what advice everyone else has too!
Logged
MY NEW BLOG -
Desirable.co.uk
- All the best finds in fashion, homewares, gadgets and accessories.
MY PERSONAL BLOG -
AmyJoanna.co.uk
- travelling the world, one irrelevant post at a time.
Lani
Administrator
Legend
Posts: 1338
I am just testing this...
Re: Preventing people viewing images directly
«
Reply #2 on:
February 20, 2008, 08:53:16 PM »
They could be finding the images via an image search. Perhaps it is possible to change the folder permissions so that doesn't happen? But I don't really understand folder permissions.
Logged
Knitting For Afghanistan ~
The WinterWarm Project
~ Knitting Can Save Lives
Blogging Personal
~
The Cerebral Mum
~
Plato's Sandbox
"The diary is an art form just as much as the novel or the play. The diary simply requires a greater canvas."
~ Henry Miller
admin
Administrator
G'day Mate
Posts: 14
Re: Preventing people viewing images directly
«
Reply #3 on:
February 20, 2008, 09:24:19 PM »
Hrm, this is something I should have done before but never occurred to actually find a way.
Well after a quick search I find a couple of possible answers..
From
an apache tutorial
I got an example using the good old .htaccess file:
Quote
Here’s how I do it. First, we slap that regex down on the incoming HTTP request to gauge whether it’s a hotlinked image.
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !underscorebleach\.net [NC]
RewriteCond %{HTTP_REFERER} !bloglines\.com [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteRule (.*) /view_image.shtml?/$1 [R,NC,L]
Lines 2 through 6 allow hotlinking from my site, Bloglines, Google, and cached items. I also allow requests with a null HTTP_REFERER value to obtain the image; this occurs in the case of bookmarks, some proxies, some browser settings, some third-party privacy plugins, etc. If you try to get tricky and force users to have a referrer from your own domain, you’re likely to get yourself in trouble. Trust me.
The last line redirects users to an SHTML page. Notice that I pass the value of the REQUEST_URI as a parameter in the URL to view_image.shtml. In the source, I then use a simple SSI directive to output the image. Here is the source of view_image.shtml. (file has .txt extension but put it on your website as .shtml) [updated 9/14/05 for clarity]
A quick note about this redirection technique: You do need to actually redirect, that is, use the “R” flag on the RewriteRule. If you don’t, you’re going to feed the browser an HTML page when it’s expecting an image, and it’s liable to get confuzzled.
And voila! Now, when users link to your images, they get the image, but they also get an unavoidable little advertising pitch from you, the webmaster and payer of bandwidth bills.
There's a note in there that out-right denial can cause issues with some clients esp in the case if they're using a proxy etc.
Also from a reference manual there's also
this one
, but it's more for people with direct access to Apache config files.
As far as a simpler "all files in this dir need a referrer" well it's on that track but I'll see if I (or anyone else?) can refine it better.
Edit: In case you missed the first tutorial reffered to in the first link I gave,
read on it here
, possibly more relevant to what we're looking for here.
Quote
Here’s my anti-hotlinking .htaccess instructions:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+\.)?dorkytutorial\.com [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]
Lines 2 and 3 establish the conditions for blocking an image from being rewritten. Line 2 says, to block client loading of the image, “the referrer must be not null.” Line 3 says, to block client loading of the image, “the referrer must not come from any domain of dorkytutorial.com”—and the “NC” part makes that check not case sensitive.
Line 4 checks that the filetype is a GIF, JPEG, JPG, or PNG, and if so, sends an HTTP 403 response of FORBIDDEN to the client (that’s the “F” part on the end). Also, the “L” flag means that this is the last rule to process, so that if an HTTP request matches this rule, don’t bother stepping through any further rewrite rules in the .htaccess. This one is mostly for effiency’s sake.
«
Last Edit: February 20, 2008, 09:36:38 PM by admin
»
Logged
--
"Always enjoying life as never knowing how long it will last."
kathiemt
Administrator
Legend
Posts: 1248
Re: Preventing people viewing images directly
«
Reply #4 on:
February 20, 2008, 11:09:00 PM »
Can't you just upload a blank index.htm to the uploads folder or set up a redirection order in cpanel for that folder?
Logged
Kathie M. Thomas
Author, Blogger, Virtual Assistant
http://www.vadirectory.net/blog/
- Working as a VA
http://www.soho-life.com
- Life in a small office
http://www.kathiemthomas.com
- Meet me at Facebook
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #5 on:
February 21, 2008, 12:07:08 AM »
Quote from: kathiemt on February 20, 2008, 11:09:00 PM
Can't you just upload a blank index.htm to the uploads folder or set up a redirection order in cpanel for that folder?
I've tried the blank index.html and it didn't seem to work. Would you need to put it in each of the sub folders of the uploads folder? For example, wordpress creates a new folder under uploads each month.
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
Snoskred
Drive It Like You Stole It
Administrator
Legend
Posts: 2327
Bonfires In My Head
Re: Preventing people viewing images directly
«
Reply #6 on:
February 21, 2008, 12:09:50 AM »
That's optional, the monthly new folder thing. You can change it if you wanted to by ticking a box in the miscellaneous screen..
In fact none of the blogs I host should be using monthly folders because it causes issues with folder permissions.
Logged
~ Snoskred - Life In The Country ~
~ Snoskred provides
Wordpress Blog Hosting
~
~ Check out my big shiny
RSS Subscribe Icons
- free for all to download! ~
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #7 on:
February 21, 2008, 10:35:13 AM »
Quote from: Snoskred on February 21, 2008, 12:09:50 AM
That's optional, the monthly new folder thing. You can change it if you wanted to by ticking a box in the miscellaneous screen..
In fact none of the blogs I host should be using monthly folders because it causes issues with folder permissions.
There you go, learn something new every day. If i ticked that box now would it screw things up?
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
Snoskred
Drive It Like You Stole It
Administrator
Legend
Posts: 2327
Bonfires In My Head
Re: Preventing people viewing images directly
«
Reply #8 on:
February 21, 2008, 03:09:09 PM »
No, not as long as you leave all the images where they currently are.
I think it will start putting images in the main folder area as soon as you untick it, might be best to try it and make sure.
Logged
~ Snoskred - Life In The Country ~
~ Snoskred provides
Wordpress Blog Hosting
~
~ Check out my big shiny
RSS Subscribe Icons
- free for all to download! ~
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #9 on:
February 22, 2008, 12:00:02 PM »
Quote from: Snoskred on February 21, 2008, 03:09:09 PM
No, not as long as you leave all the images where they currently are.
I think it will start putting images in the main folder area as soon as you untick it, might be best to try it and make sure.
I might trial that on one of my old crappy wordpress blogs first.
So rather than a blank html index file, could I use that file to redirect to the homepage?
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
Snoskred
Drive It Like You Stole It
Administrator
Legend
Posts: 2327
Bonfires In My Head
Re: Preventing people viewing images directly
«
Reply #10 on:
February 22, 2008, 12:01:28 PM »
Possibly.
Note I am no expert on this like the Admin is.
Logged
~ Snoskred - Life In The Country ~
~ Snoskred provides
Wordpress Blog Hosting
~
~ Check out my big shiny
RSS Subscribe Icons
- free for all to download! ~
MarkSBurgunder
Global Moderator
True Blue
Posts: 87
Driving my Lamborghini
Re: Preventing people viewing images directly
«
Reply #11 on:
February 22, 2008, 03:16:13 PM »
If your blog is hosted on a server with cPanel, than have a look in the Security Section for "Hotlink Protection". That should let you set this type of redirection up without to many hassles.
Regards
Mark
Logged
Strawbale House
- Building Progress of Our Strawbale House
---
Avanti Hosting
- No Worries Web Hosting
www.avantihosting.com.au
email:
sales@avantihosting.com.au
phone: (07) 3129 0115
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #12 on:
February 22, 2008, 07:19:54 PM »
Quote from: MarkSBurgunder on February 22, 2008, 03:16:13 PM
If your blog is hosted on a server with cPanel, than have a look in the Security Section for "Hotlink Protection". That should let you set this type of redirection up without to many hassles.
Regards
Mark
Ive handled hotlink protection by editing my htaccess file. When I use the cpanel i end up getting 403 errors for some reason.
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
MarkSBurgunder
Global Moderator
True Blue
Posts: 87
Driving my Lamborghini
Re: Preventing people viewing images directly
«
Reply #13 on:
February 23, 2008, 11:59:19 AM »
Quote from: swollenpickles on February 22, 2008, 07:19:54 PM
When I use the cpanel i end up getting 403 errors for some reason.
Hmm.. I just tried it on one of my own sites using cPanel and it worked without any problem.
I suggest you let your hosting provider know as they may have a misconfiguration somewhere.
You never know this might also stop you form using other features of cPanel in the future when you need them.
Logged
Strawbale House
- Building Progress of Our Strawbale House
---
Avanti Hosting
- No Worries Web Hosting
www.avantihosting.com.au
email:
sales@avantihosting.com.au
phone: (07) 3129 0115
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #14 on:
February 23, 2008, 02:07:13 PM »
I've placed blank "index.htm" files in the relevant folders and its still possible to access the images directly. Here's what my htaccess file looks like. Any more ideas?
Code:
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
#here the www rule
RewriteCond %{HTTP_HOST} !^www\.swollenpickles\.com$ [NC]
RewriteRule ^(.*)$ http://www.swollenpickles.com/$1 [R=301,L]
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?swollenpickles\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
Lani
Administrator
Legend
Posts: 1338
I am just testing this...
Re: Preventing people viewing images directly
«
Reply #15 on:
February 23, 2008, 06:12:35 PM »
No ideas from me.
touching the htaccess file freaks me out.
Logged
Knitting For Afghanistan ~
The WinterWarm Project
~ Knitting Can Save Lives
Blogging Personal
~
The Cerebral Mum
~
Plato's Sandbox
"The diary is an art form just as much as the novel or the play. The diary simply requires a greater canvas."
~ Henry Miller
Anonymum
A woman of excess
Administrator
Legend
Posts: 1218
I may be getting older, but I refuse to grow up
Re: Preventing people viewing images directly
«
Reply #16 on:
February 23, 2008, 06:52:55 PM »
Just looking at that file makes me break out in a sweat, so I'm not much good either I'm afraid...
Logged
Reflections and solace
...under the Southern Cross
MarkSBurgunder
Global Moderator
True Blue
Posts: 87
Driving my Lamborghini
Re: Preventing people viewing images directly
«
Reply #17 on:
February 24, 2008, 08:19:06 AM »
Following is what cPanel has put into the .htaccess file where I have set-up Hotlink Protection:
Code:
RewriteCond %{HTTP_REFERER} !^http://3blacketst.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://3blacketst.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.3blacketst.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.3blacketst.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|JPG|JPEG|GIF|PNG|BMP)$ http://3blacketst.com [R,NC]
This actually redirects a browser to the homepage is someone is going straight to an image file.
URL for an image to try if you want:
http://3blacketst.com/IMG_0903.JPG
PS: That house is actually for sale...
Logged
Strawbale House
- Building Progress of Our Strawbale House
---
Avanti Hosting
- No Worries Web Hosting
www.avantihosting.com.au
email:
sales@avantihosting.com.au
phone: (07) 3129 0115
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #18 on:
February 24, 2008, 11:42:15 PM »
Quote from: MarkSBurgunder on February 24, 2008, 08:19:06 AM
Following is what cPanel has put into the .htaccess file where I have set-up Hotlink Protection:
Code:
RewriteCond %{HTTP_REFERER} !^http://3blacketst.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://3blacketst.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.3blacketst.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.3blacketst.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|JPG|JPEG|GIF|PNG|BMP)$ http://3blacketst.com [R,NC]
Thanks Mark. I've given that code a go, so in theory, clicking this image should redirect to my homepage;
http://www.swollenpickles.com/wp-content/uploads/2007/11/logono1.jpg
so this is what i have now:
Code:
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
#here the www rule
RewriteCond %{HTTP_HOST} !^www\.swollenpickles\.com$ [NC]
RewriteRule ^(.*)$ http://www.swollenpickles.com/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} !^http://swollenpickles.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://swollenpickles.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.swollenpickles.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.swollenpickles.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|JPG|JPEG|GIF|PNG|BMP)$ http://www.swollenpickles.com [R,NC]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
MarkSBurgunder
Global Moderator
True Blue
Posts: 87
Driving my Lamborghini
Re: Preventing people viewing images directly
«
Reply #19 on:
February 25, 2008, 12:03:03 PM »
Hmm... That should work ...
Do you know what version of Apache is used by your web host?
Logged
Strawbale House
- Building Progress of Our Strawbale House
---
Avanti Hosting
- No Worries Web Hosting
www.avantihosting.com.au
email:
sales@avantihosting.com.au
phone: (07) 3129 0115
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #20 on:
February 25, 2008, 12:07:41 PM »
Quote from: MarkSBurgunder on February 25, 2008, 12:03:03 PM
Hmm... That should work ...
Do you know what version of Apache is used by your web host?
Not sure to be honest. I'm with Hostgator right now.
So if you click this link what do you see?
http://www.swollenpickles.com/wp-content/uploads/2007/11/logono1.jpg
edit: this is bizarre, the image above no longer appears in the post. I'm buggered if I know what's happening. See if this logo displays.
http://www.swollenpickles.com/wp-content/uploads/2007/11/logono2.jpg
«
Last Edit: February 25, 2008, 12:09:49 PM by swollenpickles
»
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
swollenpickles
Top Sort
Posts: 459
I'm special.
Re: Preventing people viewing images directly
«
Reply #21 on:
February 26, 2008, 10:29:52 AM »
Ok, had a disaster last night. Enabled hotlink protection via cpanel, and all my sites went to crap at the same time (they are hosted as "add on domains"). Not pretty. Long story short, I've gone back to what I had originally (thankfully I backed up everything on my server at the end of Jan).
Logged
extreme blogging
>
recording
>
comics
>
guitar effects
>
car news
Pages: [
1
]