WordPress.org

Support

Support » How-To and Troubleshooting » hotlinking protection for WP Mu

hotlinking protection for WP Mu

Viewing 5 replies - 1 through 5 (of 5 total)
  • MickeyRoush
    Member

    @mickeyroush

    What do you currently use in your .htaccess for disabling hotlinking?

    Can you post it here?

    playablogs
    Member

    @playablogs

    Hi Mickeyroush

    # ultimate hotlink protection
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?playablogs\. [NC]
    RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]
    </ifModule>

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]

    # uploaded files
    RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ – [L]
    RewriteRule . index.php [L]

    MickeyRoush
    Member

    @mickeyroush

    Your problem is this line:

    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?playablogs\. [NC]

    This means to exclude all all variations of the owner’s URL allowing these images to be hotlinked to your own domain (and sub-domains). Without this exclusion you would block images from being viewed normally on your site anywhere. So it must be stay there. It only disables hotlinking if those files are not referred by your domain. (Example: If another top level domain (other website) wants to hotlink your images.)

    In order to stop hotlinking within your own site to other sub-domains, you would have to but something like this in a .htaccess file in your ‘files’ directory if you do not want hotlinking for the file ‘reading.gif’ in your example above.

    But this may prevent normal usage of any files in the ‘files’ directory. I’m not sure, you could try it.

    Create a separate .htaccess file for you ‘files’ directory and place the following rules in it. I’ve also removed the ‘L’ in the last line as it is not needed when using ‘F’, as using ‘F’ assumes that it is the last rule. Also, I would leave out the IfModules, they are only there to keep your site from crashing if the rules don’t work. If your site doesn’t produce any errors, how do you know if it’s causing problems or not even working? Remember, this is for an .htaccess file that goes in your ‘files’ directory only.

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://blogs\.playablogs\.com/files/ [NC]
    RewriteRule \.(gif|jpe?g?|png)$ – [F,NC]

    MickeyRoush
    Member

    @mickeyroush

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://blogs\.playablogs\.com/files/ [NC]
    RewriteRule \.(gif|jpe?g?|png)$ - [F,NC]
    playablogs
    Member

    @playablogs

    Thanks for the help MickeyRoush, but the problem is.

    When end users go to http://playablogs.com and signup for a free hosted blog, the server generates a subdomain on the fly, how do I protect hotlinking on multiple subdomains with the one .htaccess file.

    This is how the WP MU script works, they signup, get their own subdomain and WP installed.

    Thanks for your time and efforts.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘hotlinking protection for WP Mu’ is closed to new replies.