We are happy to announce that Helicon Ape 1.0.0.15 and newer include additional functionality, most notably the mod_hotlink module. To let you feel its power, we offer a brief overview backed by real practical examples.
The mod_hotlink module is aimed at protecting your web server from people stealing your traffic by linking directly to the content on your server. This is especially important for sites with image, video and document archives or other downloadable content.
After you enable mod_hotlink, your site will work as if nothing happened: all search engines and backlinks will still be valid, and all users' favorites will keep working. But if someone tries to embed your content directly on their site, they will only see an error message or your site's logo. You can save tons of traffic and thus money. You can even turn these hotlinks into real visitors by redirecting hotlink requests to your site's homepage.
Protection methods
mod_hotlink offers three protection methods, each with its own advantages and peculiarities:
LINK: This is the most comprehensive and powerful protection method. In this mode mod_hotlink edits each link to protected content on your site by adding a special cryptographic signature. You specify an expiration time for the signature, after which the link becomes invalid (e.g. 30 minutes after it was requested). The LINK method is not sensitive to HTTP Referer modifications, disabled cookies or disabled JavaScript in users' browsers. mod_hotlink is capable of protecting any file type, including streaming media and embedded content.
REFERER: Simply checks the HTTP Referer header and rejects all requests to the protected content from unknown sites. You may use white and black lists based on Referer and User-Agent values to allow requests from friendly sites and protect against some ugly hacks. This method does not require any configuration or modification to your site and is a convenient way to protect image archives.
REDIRECT: Checks the Referer header value but performs a redirect to a temporary signed link instead of returning content. It may be difficult to understand the theory of this method, but the only thing you need to know is that it provides a moderate level of protection for embedded content that cannot be protected by the REFERER method: content like PDF files, Flash and Media Player movies, audio and so on. Just as with the previous method, you don't have to change anything; just enable mod_hotlink and specify a protection folder.
Examples
Enough theory; it's time for the examples we promised. Below are examples for each protection method, with a thorough explanation.
1. Referer protection method
The task is to protect all images from hotlinking while allowing referers from your own site and empty referers.
The solution using mod_rewrite is:
RewriteEngine on
# Requests with an empty Referer are let through
RewriteCond %{HTTP_REFERER} !^$
# Requests referred from your own site are let through
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?yourdomain\.com [NC]
# Any other request for an image gets 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F]
The same solution using mod_hotlink looks like:
<FilesMatch \.(jpg|jpeg|png|gif)$>
HotlinkProtect / [Referer]
HotlinkAllow Referer ^$
HotlinkAllow Referer ^https?://(?:www\.)?yourdomain\.com
</FilesMatch>
How it works:
When a browser makes a request, it passes the Referer header, which shows the URL of the page that contains the requested resource.
Say you have a page default.html on your site www.yourdomain.com, and it contains the link <a href="/img/picture.gif">picture</a>. If you click on this link, the browser generates the following request:
GET /img/picture.gif HTTP/1.1
Host: www.yourdomain.com
Referer: http://www.yourdomain.com/default.html
Note! If you put the address of the resource directly into the browser address bar (e.g. http://www.yourdomain.com/img/picture.gif), the Referer header is not passed.
The Referer header value is verified for the specified file types, i.e. jpg|jpeg|png|gif.
- HotlinkAllow Referer ^$ – allows access if the Referer header is empty or missing.
- HotlinkAllow Referer ^https?://(?:www\.)?yourdomain\.com – allows access if the Referer header starts with your domain name.
- All others will get "403 Forbidden" for this request.
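The rule evaluation described above, as an added Python sketch (not Helicon's code and not how mod_hotlink is implemented): it applies the two HotlinkAllow patterns to constructed Referer values and shows that the second pattern is a prefix match, so any host name that merely begins with yourdomain.com passes as well unless the pattern is terminated. The `(?:[:/]|$)` terminator, the function names and all sample hosts are assumptions made for illustration.

```python
import re

PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)

# Allow rules from the page (with the dot in the host name escaped): prefix match only.
PAGE_RULES = [r"^$", r"^https?://(?:www\.)?yourdomain\.com"]
# Assumed hardening: the host name must end right after ".com".
STRICT_RULES = [r"^$", r"^https?://(?:www\.)?yourdomain\.com(?:[:/]|$)"]


def decide(path, referer, rules):
    """Return the HTTP status a Referer-based check would give this request."""
    if not PROTECTED.search(path):
        return 200  # file type is not protected, Referer is not examined
    value = referer or ""  # a missing header is treated like an empty one
    # IGNORECASE mirrors the [NC] flag of the mod_rewrite version.
    if any(re.search(rule, value, re.IGNORECASE) for rule in rules):
        return 200
    return 403


# Constructed sample requests: (path, Referer header or None).
SAMPLES = [
    ("/img/picture.gif", "http://www.yourdomain.com/default.html"),
    ("/img/picture.gif", None),
    ("/img/picture.gif", "http://other-site.example/gallery.html"),
    ("/img/picture.gif", "http://www.yourdomain.com.example.net/page.html"),
    ("/default.html", "http://other-site.example/gallery.html"),
]


def evaluate(rules):
    """Status code for every sample request under the given allow rules."""
    return [decide(path, referer, rules) for path, referer in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, evaluate(PAGE_RULES), evaluate(STRICT_RULES))
    for (path, referer), loose, strict in rows:
        print(f"{path:18} {str(referer):50} page={loose} strict={strict}")
```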
2. Redirect protection method
The Redirect method is usually used to protect .pdf and .swf files, as Internet Explorer sets an incorrect Referer header for such files when the user clicks "Save As…".
<FilesMatch \.(?:pdf|swf)$>
HotlinkSignature password
HotlinkProtect / [Redirect]
HotlinkAllow Referer ^$
HotlinkAllow Referer ^https?://(?:www\.)?yourdomain\.com
</FilesMatch>
How it works:
- The user requests the page (e.g. default.html). This page has a tag <a href="/doc/test.pdf">pdf</a>.
- The browser requests http://www.yourdomain.com/doc/test.pdf and passes Referer: http://www.yourdomain.com/default.html.
- mod_hotlink checks the rules (given above). HotlinkAllow Referer ^https?://(?:www\.)?yourdomain\.com – allows further processing.
- Instead of granting direct access to test.pdf, mod_hotlink performs a redirect to a dynamically generated address http://www.yourdomain.com/doc/90f630427786fd84/test.pdf.
- The browser requests http://www.yourdomain.com/doc/90f630427786fd84/test.pdf.
- mod_hotlink verifies signature validity and then grants access to test.pdf.
3. Link protection method
Link protection is completely independent of the Referer header, but it requires manually correcting the links on your pages.
For this example we need the following files in the root of the site:
- default.html
- .htaccess
- test.pdf
default.html contains the tag:
<object data='xxxxxxxxxxxxxxxx/test.pdf' type='application/pdf' > </object>
.htaccess must be configured as follows:
SetEnv mod_hotlink
HotlinkSignature password
<Files *.pdf>
HotlinkProtect / [Link]
</Files>
When the user requests default.html, mod_hotlink replaces the Xs in the tag with a specifically generated sequence:
<object data='90f630427786fd84/test.pdf' type='application/pdf'> </object>
How it works:
- The user requests the page (e.g. default.html).
- mod_hotlink replaces xxxxxxxxxxxxxxxx in the tag with a dynamically generated signature.
- The browser finds the tag <object data='90f630427786fd84/test.pdf' type='application/pdf' > </object> and makes a subrequest to http://www.yourdomain.com/90f630427786fd84/test.pdf (whether or not Referer is passed).
- mod_hotlink verifies signature validity and then grants access to test.pdf.
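A signed, expiring link of the kind the Redirect and Link methods rely on, as an added Python sketch (not Helicon's code; the page does not document mod_hotlink's token format). The HMAC-SHA256 construction, the 24-character token layout, the secret and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # stands in for the HotlinkSignature value
TTL = 30 * 60                        # 30 minutes, the expiry example from the page


def make_token(path, expires, secret=SECRET):
    """Expiry time (8 hex digits) followed by a truncated HMAC over expiry and path."""
    mac = hmac.new(secret, f"{expires}:{path}".encode(), hashlib.sha256).hexdigest()
    return f"{expires:08x}{mac[:16]}"


def sign_path(path, now, secret=SECRET):
    """/doc/test.pdf -> /doc/<token>/test.pdf, valid until now + TTL."""
    folder, _, name = path.rpartition("/")
    return f"{folder}/{make_token(path, now + TTL, secret)}/{name}"


def verify_path(signed, now, secret=SECRET):
    """Return the real path if the token is authentic and unexpired, else None."""
    m = re.fullmatch(r"(.*)/([0-9a-f]{24})/([^/]+)", signed)
    if not m:
        return None  # no token segment at all, e.g. a direct hotlink
    folder, token, name = m.groups()
    path = f"{folder}/{name}"
    expires = int(token[:8], 16)
    # Recompute the token and compare in constant time before trusting the expiry.
    if not hmac.compare_digest(token, make_token(path, expires, secret)):
        return None
    return path if now <= expires else None


def rewrite_links(html, now, secret=SECRET):
    """Link method: replace the xxxxxxxxxxxxxxxx placeholder in front of a file name."""
    def repl(m):
        return sign_path("/" + m.group(1), now, secret).lstrip("/")
    return re.sub(r"x{16}/([\w.\-]+)", repl, html)


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    signed = sign_path("/doc/test.pdf", now)
    print(signed, verify_path(signed, now + 60), verify_path(signed, now + TTL + 1))
```

Because the expiry and the file path are both covered by the MAC, changing either one invalidates the link. The secret must be a long random value; the literal password in the page's configuration is only a placeholder.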
Best regards,
HeliconTech Team
Hey is there any way that if the person who is hot-linking you, their users get re-directed to your site.
I have this site but I want the competitors to take a bunch of stuff then when they take enough, I plan on switching on this code then BAM instant customers.
Sure, it's possible. Here's the code for mod_hotlink in Helicon Ape:
<FilesMatch \.(jpg|jpeg|png|gif)$>
HotlinkType Referer
HotlinkError http://www.yourdomain.com/
HotlinkAllow Referer ^$
HotlinkAllow Referer ^https?://(?:www\.)?yourdomain\.com
</FilesMatch>
And here's the syntax for ISAPI_Rewrite3:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?yourdomain\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://www.yourdomain.com/ [NC,R,L]
ok that did not work, it stops the access to my content which I already have. but it does not send them to my homepage.
Hi, Mr.Pro.
We'd love to help you, so let's move our discussion to our support forum. Please create a new post in the appropriate forum http://www.helicontech.com/forum/ and give a thorough description of your needs.
alright I started one. http://www.helicontech.com/forum/forum_posts-TID-12410.htm thanks!