hotlinking protection for WP Mu (6 posts)

  1. playablogs
    Member
    Posted 2 years ago #

    How can you protect images from being hotlinked on WP MU, since there are multiple subdomains on the site?

    For example on this blog http://blogs.playablogs.com/

    To redirect the image http://blogs.playablogs.com/files/2011/08/reading.gif if it is hotlinked to another image on that domain or even another domain, for example to this image http://www.playablogs.com/banners2/hot.gif

    Thanks

  2. MickeyRoush
    Member
    Posted 2 years ago #

    What do you currently use in your .htaccess for disabling hotlinking?

    Can you post it here?

  3. playablogs
    Member
    Posted 2 years ago #

    Hi Mickeyroush

    # ultimate hotlink protection
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?playablogs\. [NC]
    RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
    </IfModule>

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]

    # uploaded files
    RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule . index.php [L]

  4. MickeyRoush
    Member
    Posted 2 years ago #

    Your problem is this line:

    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?playablogs\. [NC]

    This means to exclude all variations of the owner’s URL, allowing these images to be hotlinked to your own domain (and sub-domains). Without this exclusion you would block images from being viewed normally on your site anywhere. So it must stay there. It only disables hotlinking if those files are not referred by your domain. (Example: If another top level domain (other website) wants to hotlink your images.)

    In order to stop hotlinking within your own site to other sub-domains, you would have to put something like this in a .htaccess file in your 'files' directory if you do not want hotlinking for the file 'reading.gif' in your example above.

    But this may prevent normal usage of any files in the 'files' directory. I'm not sure, you could try it.

    Create a separate .htaccess file for your 'files' directory and place the following rules in it. I've also removed the 'L' in the last line as it is not needed when using 'F', as using 'F' assumes that it is the last rule. Also, I would leave out the IfModules, they are only there to keep your site from crashing if the rules don't work. If your site doesn't produce any errors, how do you know if it's causing problems or not even working? Remember, this is for an .htaccess file that goes in your 'files' directory only.

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://blogs\.playablogs\.com/files/ [NC]
    RewriteRule \.(gif|jpe?g?|png)$ - [F,NC]

  5. MickeyRoush
    Member
    Posted 2 years ago #

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://blogs\.playablogs\.com/files/ [NC]
    RewriteRule \.(gif|jpe?g?|png)$ - [F,NC]

  6. playablogs
    Member
    Posted 2 years ago #

    Thanks for the help MickeyRoush, but the problem is this.

    When end users go to http://playablogs.com and sign up for a free hosted blog, the server generates a subdomain on the fly. How do I protect hotlinking on multiple subdomains with the one .htaccess file?

    This is how the WP MU script works: they sign up, get their own subdomain and WP installed.

    Thanks for your time and efforts.
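
Added example, not part of any post in this thread: a small Python model of the two Referer conditions posted above (post 3 and post 4), run against constructed Referer values to show which image requests each rule set would answer with 403. It assumes the requested file exists and that the `[NC]` patterns behave the same under Python's `re` with `re.I`; the sample hostnames are made up for the test.

```python
import re

# Referer allow-patterns copied from the thread; the leading "!" of each
# RewriteCond is applied in blocked() below.
SITE_WIDE = re.compile(r"^https?://([^.]+\.)?playablogs\.", re.I)           # post 3
FILES_ONLY = re.compile(r"^https?://blogs\.playablogs\.com/files/", re.I)   # post 4
IMAGE = re.compile(r"\.(gif|jpe?g?|png)$", re.I)

# Constructed Referer values (not taken from real traffic).
SAMPLES = {
    "own_blog_post": "http://blogs.playablogs.com/2011/08/some-post/",
    "new_user_blog": "http://alice.playablogs.com/",
    "files_dir": "http://blogs.playablogs.com/files/2011/08/",
    "other_site": "http://www.example.org/page.html",
    "prefix_only": "http://playablogs.example.net/",
    "no_referer": "",
}


def blocked(allow, path, referer, file_exists=True):
    """Return True when every RewriteCond holds and the [F] rule would fire."""
    return (
        referer != ""                        # RewriteCond %{HTTP_REFERER} !^$
        and file_exists                      # RewriteCond %{REQUEST_FILENAME} -f
        and IMAGE.search(path) is not None   # extension condition and rule pattern
        and allow.search(referer) is None    # RewriteCond %{HTTP_REFERER} !<allow>
    )


def decisions(allow, path="/files/2011/08/reading.gif"):
    """Map each sample name to True (403) or False (served)."""
    return {name: blocked(allow, path, ref) for name, ref in SAMPLES.items()}


if __name__ == "__main__":
    for label, allow in (("post 3", SITE_WIDE), ("post 4", FILES_ONLY)):
        print(label)
        for name, is_blocked in decisions(allow).items():
            print(f"  {name:14} {'403' if is_blocked else 'served'}")
```

The post 3 pattern already serves any single-label subdomain created at sign-up, but it only checks that the host name begins with `playablogs.`, so the `prefix_only` sample is served as well. The post 4 pattern returns 403 for images embedded in ordinary blog pages, and an empty Referer is served under both.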

Topic Closed

This topic has been closed to new replies.
