I have a webcam which I have found people hotlinking to. Worse, they have submitted it to google maps as their own webcam, creating a second problem for me to fix. For now, I am moving the image, its in the public files of my webserver. I would like to protect this image further, but I am not sure how.
Is it possible to limit what pages an image can be served on? I found this example in a closed thread that seems to be geared at something similar, but this one is geared at all the images in the site. For me, i have 1 specific image I want to lock down. For sake of example, lets say you can see it online by visiting “mysite .com/ftp/1.jpg”. Could I rewrite this rule the following rule in a similar fashion?
My other idea is to move this file outside of the webroot, into a private directory and serve it on a page through a viewer of some type or javascript like I do now.
edit: Found some related info here in another post
What are some solutions to lock down a webcam access?
edit: I posted this because I thought I had it working, the images stopped showing up on the offending domain. However I didnt check and somehow, it also broke the function of the images on the sites I want it on. Ideally, I currently have a few whitelisted sites to display it on and 1 blacklisted one.
So, I am still working on a solution…
#stops people from viewing htaccess rules
<Files .htaccess>
order allow,deny
deny from all
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.* badguys domain\\.com [NC,OR]
RewriteRule .* - [F]
I think my syntax was wrong in the last one. The OR command, I cannot find it in the docs, so I figured it was best to remove it. I also added the Last line command to the last line : ) Also added the followsymlinks part. At last I have it working, I tested 2 of the sites and they still work, while the offender is banned!
GOOD WORK! Indeed, the OR is to counter the automatic AND between RewriteCond statements and the Last flag is normally needed to end a mod_rewrite block (but I don’t believe that it’s required with a Fail flag). As for the +FollowSymlinks, that should be in the server config file so it’s not really needed here.
Your first inclination, though, was also good: RewriteCond %{HTTP_REFERER} !(www\.)?mysite\.com/ [NC,OR] as the first RewriteCond, i.e.,
Thank you for explaining this!!! I found a few pages and read up on the syntax but couldnt figure that part out.
I am starting to understand the syntax better now. Yes, what you mentioned is more of a permanent fix. Instead of blacklisting one by one, it whitelists allowed sites. I have 4 to whitelist, maybe more soon. So I think I need to rewrite the rule:
Im not 100% if I need the OR in between each whitelisted site. Anyways, I am off to try this rule later and see how it works. Before implementation, I am wondering how I can further my search for anyone else hotlinking to the image. ideally, I am going to email them and anyone who has is a potential inbound link. I am going to approach all of them and say that the feed can be allowed to display in a variety of ways IF they setup the proper links.
In my specific case here, I had to make sure the break the feed for a short time to prove that they were not hosting the feed. this was successful as the webcam site already emailed me back and updated their info. Now onto a permafix…
Here, I’ve used the pipes within an atom to do my OR’ing for me as only one grouping needs to be matched (I left the .com in the atom as you may have a .org or .net that you want to whitelist, too, but the \.com should be moved outside the grouping parentheticals for simplicity’s sake).
Actually, the second RewriteCond will be matched by the first so it’s superfluous (not needed so it and the OR flag above can be deleted).
Yes, because you wanted to whitelist every member of that group, OR was correct between those conditions.
I’m happy to see that you did not OR the RewriteCond statements with the RewriteRule (which would have been a logical error).
If your list of whitelisted or banned sites expands, you may want to look into RewriteMaps (from the link above) but that does require access to the server or virtual host configuration file (because a syntactical error can bring the server down).
A RewriteMap can only be used by setting it up in the httpd.conf (or Linux’s Apache2.conf) or the httpd-vhost.conf file BECAUSE any syntax error can bring an entire server down (not good for shared servers - too easy to inadvertently create a DOS attack on yourself!). However, I’m sure a host would upload a tested block of code for you to alleviate server load.
