1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

code/solution to prevent hotlinking

Discussion in 'Web Design & Development' started by rh71, Jan 17, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. rh71

    rh71 Thread Starter

    Joined:
    Jun 13, 2000
    Messages:
    103
    I have a site with videos but I want to prevent people from directly linking to the vids' direct URLs... I want them to have to click the links from my homepage only (no direct linking to vids from the outside)... what's the easiest solution for this ? I know that one way is to check for the referrer but how exactly ?

    The webhost runs on WIN2003 (I believe IIS) and handles PHP and ColdFusion.
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    In PHP - you could set a session variable on the page they're supposed to be coming from. Then you can check if that variable exists before streaming the video using header() and readfile().
     
  3. Willy Duitt

    Willy Duitt Banned

    Joined:
    Oct 17, 2003
    Messages:
    119
    You could also use .htaccess to prevent hotlinking to your videos...
    Here's what I use to prevent hotlinking images...

    Code:
    You can either cause the hotlinkers to get a broken image or specify an 
    alternate image to be shown in it's place, something that maybe has some 
    message politely informing the thief to buy their own bandwidth.
    
    to produce a broken image
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/.*$ [NC]
    RewriteRule \.([color=red]gif|jpg[/color])$ - [F]
    
    [color=blue]replace domain.com with your domain[/color]
    
    to specify an alternate image to be shown
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/.*$ [NC]
    RewriteRule \.([color=red]gif|jpg[/color])$ http://www.domain.com/stop-stealing.gif [R,L]
    
    again replace the domain with yours and stop-stealing.gif with the image of your choice
    
    
    Add your file extensions too, or replace those in red...


    .....Willy
     
  4. namenotfound

    namenotfound

    Joined:
    Apr 30, 2005
    Messages:
    3,012
  5. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    He's running IIS anyway...
     
  6. Willy Duitt

    Willy Duitt Banned

    Joined:
    Oct 17, 2003
    Messages:
    119
    Has the O/P confirmed this somewhere offboard?? [​IMG]
    (could be an apache server with a cold fusion module)

    And no, namenotfound - you need not worry about getting caught in a loop...
    The line preceding the one you quoted uses regExp to match the referrer to your domain - if this condition is not met the rule is changed to subsitute another image, it does not matter the file extension only the referrer...

    .....Willy

    EDIT: If the O/P is hosting the site on the server his personal page which he has linked in his sig is hosted on - then yes, it is an IIS server...

     
  7. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    No, did he confirm offboard that he's running Apache :rolleyes:
     
  8. Willy Duitt

    Willy Duitt Banned

    Joined:
    Oct 17, 2003
    Messages:
    119
    I offered a possible solution not only directed towards the O/P but to anyone else whom browses here thru a forum search or search engine... You made a definitive statement as if you knew for a fact... :rolleyes:

    And seeing as the O/P was unsure, how could you definitively know unless you were informed offboard or did what I did and poll his server... But I doubt you have the wherewithall to do the latter and besides, that may not even be the server the site is hosted on... So you could roll your eyes back in your head... :eek:


    .....Willy
     
  9. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Then maybe it would be helpful to mention that .htaccess does not work on IIS on a server that is most likely running it when you post an htaccess script...

    BTW, no one's impressed that you can run telnet.
     
  10. Willy Duitt

    Willy Duitt Banned

    Joined:
    Oct 17, 2003
    Messages:
    119
    There you go making assumptions again...
    And how about we let this thread return to the topic at hand and await for the O/P to confirm what server he is using... If he indeed is using an IIS server I could also provide a solution for that but it would require him installing a module and I would need to know if he has admin rights...

    .....Willy
     
  11. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    Children, behave!

    And I will point out that OP's avatar is very clearly female.

    If she's hosting on IIS she should switch to a *nix anyway because IIS sucks dishwater. ;)
     
  12. rh71

    rh71 Thread Starter

    Joined:
    Jun 13, 2000
    Messages:
    103
    - no i'm not female... that's jessica alba...

    - sorry for the confusion guys... but I have switched to an apache webhost now (not because of this issue) and modding .htaccess was fairly simple to get what I wanted done.

    Thanks all.

    BTW, if anyone's a hockey fan... it was for http://www.ovechkinfans.com
     
  13. MusicMan2007

    MusicMan2007

    Joined:
    Jan 11, 2007
    Messages:
    1
    Hi TechGuy Forum Volunteers,
    Thanks for an excellant resource addressing a problem Ive been working on for quite a while.
    Not to be redundantredundant.....
    but will the coding suggestions offered above on this blog answer my question or is there additional tweeking needed.
    thanks in advance and here is my question. MusicMan2007
    I have a wmv and flv files that are large
    150mb in size. I wish to prevent hotlinking and anyone accessing thru direct URL or framing etc etc.
    My goal is to allow the wmv & flv files to load only from within my own site. My bandwidth is costly enough without others having access. I do not wish to have viewers enter passwords etc. to access.
    I wish visitors to load video from within my site, thats ok, but any other way to access will be thwarted is my goal. my htaccess coding works preventing hotlinking but not direct url addy access, they can still access. Kudos given if you can help me reach my goal.
    Recap: Apache server virtualhosting allowing my htaccess files to be placed.
    ....no hotlinking
    ....no framing access
    ....no direct url entry
    Yes from only within my site with no passwords.
    Keep up the great work!
    MusicMan2007
    ok to reply with email on file as sometimes Im unable to surf often
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/434970

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice