Not allowing URL's with certain phrases link to images

[xxkylexx]

Hey guys,

I run a Image Hosting site and would like to try and use some measures to help prevent abuse. Is there any way I can disallow a URL from linking to my images that would have a certain phrase in it?

Example: Any site that had the term "toplist" or "topsite" in it would no be able to link a working image.

I know I read a tutorial on stopping a individual URL from linking using mod_rewrite and .htaccess, but I would like to block out an entire phrase from any url.


Thanks.


Kyle

 

[B33R]

RewriteEngine on
RewriteCond %{HTTP_REFERER} (toplist) [NC,OR]
RewriteCond %{HTTP_REFERER} (topsite) [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F,L]

That returns a 403 forbidden message when the referer includes the words toplist or topsite.

To show another image eg. "Blocked!", replace the last line with this:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /blocked.gif [L]

 

[xxkylexx]

Awesome! Thanks for that info b33r. How would I go about adding more phrases to the list?


Also, one other thing. If someone is linking to an Image, and I decide to remove that image from the database/server. Is there a way I can use mod_rewrite to display another small image type deal in it's place-- explaining this image was removed, something to that sort.

Thanks!
Kyle

 

[B33R]

To add more phrases, add a line like this between the current toplist and topsite lines.

RewriteCond %{HTTP_REFERER} (enterwordhere) [NC,OR]

If you remove an image the easiest way to show it's missing is to add a 404 page. Every time someone looks for something (images or pages) that aren't there, they get sent to this.
This line needs to go first in your .htaccess file:

ErrorDocument 404 http://www.mysite.com/404.gif

Otherwise you'll need something like this (put in your .htaccess file after the "Rewrite Engine On" line)

RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g)$ [NC]
<FilesMatch "\.(gif|jpe?g)$">
  ErrorDocument 404 http://www.mysite.com/404.gif
</FilesMatch>

I haven't tested this last piece of code so it may not work.

.

 

[TwistMyArm]

Is there a reason you so desperately want to do this all by htaccess? If I were you I'd force all of my images to be linked to via a PHP script then use the PHP script to filter out the referrals I don't want... but that's just me!

 

[xxkylexx]

Well, linking totally by PHP script can be a problem when trying to embed images into certain sites/forums.

Thanks for the info again, b33r.


Kyle

 

[TwistMyArm]

Ah... true. You could always go the other way, then, and instead of making htaccess do all of the work, use htaccess to point your images to the PHP script that way. Hence, users still access it as per usual but in reality, it all gets processed by the PHP script. No-one would ever know the difference!

Glad you got it sorted, though.

 

[monaco]

This seems like a perfect use for a php script:

Have one script, call it getImage.php and pass the request in the URL like, getImage.php?id=34324e32a, pull the image out of the database, and return it. This way, you can look at the referrer field and do more complex things with it than mod_rewrite will allow (like return the goatse.cx image with a message about hotlinking for topsites...hehe) or return a custom "404ish" image for images requested that aren't in the db.

 

[xxkylexx]

The 404 rewrite works great, however, having some issues with the phrase blocking one:

Using the following code in my .htaccess:

RewriteCond %{HTTP_REFERER} (toplist) [NC,OR]
RewriteCond %{HTTP_REFERER} (topsite) [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://imagenerd.com/images/blocked.jpg [L]

It is blocking the image from being displayed properly, however, it isn't displaying the image, http://imagenerd.com/images/blocked.jpg, in it's place.

Any ideas?

 

[adam_uk]

Is there a reason you so desperately want to do this all by htaccess? If I were you I'd force all of my images to be linked to via a PHP script then use the PHP script to filter out the referrals I don't want... but that's just me!

while this idea will work from a server admins POV its insane.

why put a php script in the middle of process? you only increase the load on the servers as the script needs to execute, process any code, get the file, open the file and echo the output.

.htaccess just validates the rules on the actuall query hitting the server.

php is good but doesnt do the best work with every task.

with not showign the image try this

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/blocked.jpg [L]

 

[xxkylexx]

Thanks for the reply, Adam. However, still doesn't seem to be working. Any other ideas?

 

[blacksnday]

Is there a reason you so desperately want to do this all by htaccess? If I were you I'd force all of my images to be linked to via a PHP script then use the PHP script to filter out the referrals I don't want... but that's just me!

There are actually alot of websites that block images with a url of something like:
img.php?img=100
img.php

or other numerous ways alot of people like to do it.

even with a .htaccess rewrite its hard to make it dynamic such as:
image.gif?img=100
which is still easily blocked by alot of websites.

If you really wanted to go the htaccess rewrite to a php script
and not get blocked by sites that know the trick and dont allow it
then you have to get clever with your coding to make it truly dynamic
and it still seem to be a true image(even though most of the time is still is)

such as what I made for my website/member's rss forum sig which is
accessed like:
http://bashmyex.com/rss/blacksnday.png

where if you change the name...
bashmyex.png or goat.png or any member name...
it shows their rss feed as a gif image.

Similar to FeedBurner's offerings

 

[monaco]

Maybe he thinks apache's mod_rewrite and .htaccess options are cool

Seriously though, using PHP to handle images is the best idea IMO.