Skip to main content

User account menu

  • Log in
BXTra.net

Breadcrumb

  • Home
  • Articles
  • [HOW-TO] Prevent Hotlink in Drupal 6 + Apache

[HOW-TO] Prevent Hotlink in Drupal 6 + Apache

By BXTra | 12:37 AM PST, Tue February 15, 2011
Drupal
Apache

As far as I can remember, to prevent hotlink in Drupal is not that easy. If you search website to look for prevent hotlink, you will find a lot of them to use with .htaccess file. But those are not for Drupal. You can't just use it in Drupal .htaccess file, that won't work. However, I have a set of code that work great. Actually, I have this code long time ago but I can't remember where I got it from. Thanks for the guy that provide it. Too bad that I didn't save link at that time.

So, now, here is what we have to do :

Create .htaccess file under "files" directory : (Here, I use old Drupal structure. So, my files directory is just one level down from root web folder.)

nano -w /home/admin/public_html/files/.htaccess

Paste code below into it.

.htaccess file under files directory

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
Options +FollowSymLinks
# Prevent Hotlink
SetEnvIfNoCase Referer "^$"  local_ref=1
# Next authorized domains
SetEnvIfNoCase Referer "^http://(www\.)?bing\.com" local_ref=1
SetEnvIfNoCase Referer "^http://(www\.)?google\.com" local_ref=1
SetEnvIfNoCase Referer "^http://(www\.)?facebook\.com" local_ref=1
# File extensions that you want to protect
<FilesMatch "\.(bmp|jpe?g|gif|png)">
 Order Allow,Deny
 Allow from env=local_ref
</FilesMatch>

You can allow some websites to do hotlink to your website. Example above, I allow bing.com, google.com and facebook.com to be able to hotlink from my website.

About text formats
  • No HTML tags allowed.
  • Web page addresses and email addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Frances

13 years 7 months ago

Permalink

Not working

Tried using this for my drupal and testing here >> http://www.free-webhosts.com/hotlinking-checker.php if it's working, but the images are still displaying. Hence this code is not working.

This is what I have:

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
Options +FollowSymLinks
# Prevent Hotlink
SetEnvIfNoCase Referer "^$" local_ref=1
# Next authorized domains
SetEnvIfNoCase Referer "^http://(www\.)?gallery.speedymirror\.com" local_ref=1
SetEnvIfNoCase Referer "^http://(www\.)?gallery.goldlilys-media\.com" local_ref=1
# File extensions that you want to protect
<FilesMatch "\.(bmp|jpe?g|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>

Is this wrong?

  • Reply

BXTra

13 years 7 months ago

Permalink

In reply to Not working by Frances

I'm not sure what is wrong

I'm not sure what is wrong but it's working for me. I just tested it with the link you provided. No image shows.



One thing though, My "files" directory is located at "/public_html/files" but with newer Drupal, that "files" directory location is changed to "/public_html/sites/default/files". With that path, I never tried if it work or not.

  • Reply

BXTra

13 years 7 months ago

Permalink

In reply to I'm not sure what is wrong by BXTra

Just tested with another

Just tested with another website with the path "/public_html/sites/default/files". It is working as it should be. What I did is just copied the code I provided and paste them into .htaccess file. (Drupal 6.21) So, my question now is if you put that .htaccess file in the correct location?
  • Reply

Frances

13 years 7 months ago

Permalink

Not working 2

Because of the input format, the filematch tags are disappearing but that's part of the code, exactly same as yours
  • Reply

Frances

13 years 7 months ago

Permalink

Working now

Tested it again. Actually if you visit that exact image from your site and it's cache on the browser then test it out, it shows up. I cleared all my cache and when I tested again, it works. Sorry about the trouble. I was getting impatient because I looked at the other threads for preventing hotlinking on drupal and each one breaks imagecache. Yours was the only one that didn't. Thank you so much. FYI: you should really disable the preview on comments, have to fill in captcha each time and kind of long winded.
  • Reply

BXTra

13 years 7 months ago

Permalink

In reply to Working now by Frances

Glad it works for you :)

Glad it works for you :) Also, I just set Preview as an optional per your suggestion. Thanks :)
  • Reply

OMD

13 years 7 months ago

Permalink

tried this for ppt, pdf files

Hi, I tried your code for ppt and pdf files in my files directory. It had the effect of letting anonymous users still hotlink to the file, but authenticated users could not download file attachments. This is the opposite of what I was trying to achieve. Any ideas?
  • Reply
  • Add new comment

  • Will the router get the Openvpn as a client option?
    5 years 6 months ago
  • cancellation
    5 years 7 months ago
  • Router ASUS RT-N12 D1 tomatoes passwort falsch
    7 years 2 months ago
  • WPS button = 30/30/30 hard reset button
    7 years 3 months ago
  • Save my day!
    7 years 9 months ago
  • How to
    8 years ago
  • Can i still access my modem (the one with the ISP provided)?
    8 years ago
  • A saving step!
    8 years 4 months ago
  • Problem with Asus n12e-c1
    8 years 6 months ago
  • don't use Hostgator
    8 years 8 months ago

© 2007 - 2023 BXTra.net. All Rights Reserved. 
Certain other content, photos and artwork displayed on BXTra.net are protected by copyright and are the property of their respective owners.

Privacy Policy