mod rewrite for a PHP file

Karrie · April 9th, 2005, 5:46 AM

I've been having problems with people leeching videos from my site and I also have a download script installed (it just masks the actual file location and counts how many times a file is downloaded). I have the script set up so my links to download the videos are like mysite.net/dl/download.php?file=id#

Is there a correct way to do this with .htaccess in my /dl/ folder so that anyone who calls /dl/download.php?file=id# from any other website is redirected to my index page?

I tried a couple of different things that I saw on on tutorial sites but one caused an internal server error

and the other redirected me to my index page no matter what.

Thanks.

H · April 9th, 2005, 6:17 AM

Not entirely sure about using .htaccess to do it, but you could modify your PHP script.

PHP Code:


			
<?php

if ($_SERVER['HTTP_REFERER'] != "http://yourlink.tld") {

echo "Access Denied. Leeching is not allowed.";

} else {

// download script goes here \\

}

?>

**Ancyru** · April 9th, 2005, 6:37 AM

That's an interesting way to block hotlinkers. Would that also include *.domain.tld or *.domain.tld/*?

**ghostcop** · April 9th, 2005, 7:04 AM

This might work if put in .htaccess. I use a similar setup on one of my sites but am not sure if the .php?file= is gonna throw it off or not.

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://domain.tld/dl/download.php?file=.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.tld/dl/download.php?file=.*$      [NC]
RewriteRule .*\.(wmv|png|jpg|gif|mov|avi)$ http://domain.tld/ [R,NC]

You should know if you're going to use this method or Haugland's that HTTP_REFERER is taken from the http header sent by the browser. It's not 100% secure, as someone with a little bit of know-how and time can send a fake http-referer and get to your blocked files. Should stop casual leeching just fine, though.

H · April 9th, 2005, 7:06 AM

It's not to prevent people from hotlinking, it's to see where people are coming from. If the people aren't coming from the website, than it denies them access.

Just a thought.. I remember that some browsers have trouble with the referer thing, so it might be a good idea to add "OR != null" to the if statement.

**Kickersny.com** · April 13th, 2005, 2:26 PM

and you should to a strpos() on the HTTP_REFERER, instead of doing an exact match. HTTP_REFERER logs filenames, too. So you should do something along the lines of:

PHP Code:


			
if( isset( $_SERVER['HTTP_REFERER'] ) && !strpos( $_SERVER['HTTP_REFERER'] ), $_SERVER['HTTP_HOST'] ) ){

    die('leecher!');

} else{

    // blah blah blah

}

**ghostcop** · April 13th, 2005, 7:00 PM

Since Kicker didn't catch it yet and at the risk of a direct copy & paste, the code should read:

PHP Code:


			
if( isset( $_SERVER['HTTP_REFERER'] ) && 

            !strpos( $_SERVER['HTTP_REFERER'] , $_SERVER['HTTP_HOST'] ) ){

    die('leecher!');

} else{

    // blah blah blah

}

Got a little paranthesis happy, did we? heh

**Ancyru** · April 13th, 2005, 7:02 PM

How do you even see these things! I wouldn't have seen that unless you mentioned it lolz.

**ghostcop** · April 13th, 2005, 7:26 PM

Don't give me too much credit. I can't even spell parenthesis.

April 9th, 2005, 5:46 AM	#1 (permalink)
Karrie Registered User Fresh Surpasser Joined in Jun 2004 Hosted on Dedicated 12 posts Gave thanks: 0 Thanked 0 times	mod rewrite for a PHP file I've been having problems with people leeching videos from my site and I also have a download script installed (it just masks the actual file location and counts how many times a file is downloaded). I have the script set up so my links to download the videos are like mysite.net/dl/download.php?file=id# Is there a correct way to do this with .htaccess in my /dl/ folder so that anyone who calls /dl/download.php?file=id# from any other website is redirected to my index page? I tried a couple of different things that I saw on on tutorial sites but one caused an internal server error and the other redirected me to my index page no matter what. Thanks.

April 9th, 2005, 6:17 AM	#2 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,092 posts Gave thanks: 48 Thanked 131 times	Not entirely sure about using .htaccess to do it, but you could modify your PHP script. PHP Code: `<?php if ($_SERVER['HTTP_REFERER'] != "http://yourlink.tld") { echo "Access Denied. Leeching is not allowed."; } else { // download script goes here \\ } ?>`

April 9th, 2005, 6:37 AM	#3 (permalink)
Ancyru L'Awesome Advocate Super #1 Joined in May 2004 Lives in .au Hosted on Mango 2,423 posts Gave thanks: 1 Thanked 5 times	That's an interesting way to block hotlinkers. Would that also include .domain.tld or .domain.tld/*? __________________ When I get sad, I stop being sad, and be AWESOME instead. True story.

April 9th, 2005, 7:04 AM	#4 (permalink)
ghostcop Surpass Fan On a golden path... Joined in Nov 2004 Lives in San Francisco 364 posts Gave thanks: 0 Thanked 3 times	This might work if put in .htaccess. I use a similar setup on one of my sites but am not sure if the .php?file= is gonna throw it off or not. Code: RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://domain.tld/dl/download.php?file=.$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.domain.tld/dl/download.php?file=.$ [NC] RewriteRule .*\.(wmv\|png\|jpg\|gif\|mov\|avi)$ http://domain.tld/ [R,NC] You should know if you're going to use this method or Haugland's that HTTP_REFERER is taken from the http header sent by the browser. It's not 100% secure, as someone with a little bit of know-how and time can send a fake http-referer and get to your blocked files. Should stop casual leeching just fine, though. __________________ Err the Blog ones zeros majors and minors - a tumblelog

April 13th, 2005, 2:26 PM	#6 (permalink)
Kickersny.com Surpass Fan Super #1 Joined in Aug 2004 Hosted on SH58 1,688 posts Gave thanks: 6 Thanked 7 times	and you should to a strpos() on the HTTP_REFERER, instead of doing an exact match. HTTP_REFERER logs filenames, too. So you should do something along the lines of: PHP Code: `if( isset( $_SERVER['HTTP_REFERER'] ) && !strpos( $_SERVER['HTTP_REFERER'] ), $_SERVER['HTTP_HOST'] ) ){ die('leecher!'); } else{ // blah blah blah }` __________________ - Evan Charlton \| [site] \| Server - SH58

April 9th, 2005, 7:06 AM	#5 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,092 posts Gave thanks: 48 Thanked 131 times	It's not to prevent people from hotlinking, it's to see where people are coming from. If the people aren't coming from the website, than it denies them access. Just a thought.. I remember that some browsers have trouble with the referer thing, so it might be a good idea to add "OR != null" to the if statement.

April 13th, 2005, 7:00 PM	#7 (permalink)
ghostcop Surpass Fan On a golden path... Joined in Nov 2004 Lives in San Francisco 364 posts Gave thanks: 0 Thanked 3 times	Since Kicker didn't catch it yet and at the risk of a direct copy & paste, the code should read: PHP Code: `if( isset( $_SERVER['HTTP_REFERER'] ) && !strpos( $_SERVER['HTTP_REFERER'] , $_SERVER['HTTP_HOST'] ) ){ die('leecher!'); } else{ // blah blah blah }` Got a little paranthesis happy, did we? heh __________________ Err the Blog ones zeros majors and minors - a tumblelog

April 13th, 2005, 7:02 PM	#8 (permalink)
Ancyru L'Awesome Advocate Super #1 Joined in May 2004 Lives in .au Hosted on Mango 2,423 posts Gave thanks: 1 Thanked 5 times	How do you even see these things! I wouldn't have seen that unless you mentioned it lolz. __________________ When I get sad, I stop being sad, and be AWESOME instead. True story.

April 13th, 2005, 7:26 PM	#9 (permalink)
ghostcop Surpass Fan On a golden path... Joined in Nov 2004 Lives in San Francisco 364 posts Gave thanks: 0 Thanked 3 times	Don't give me too much credit. I can't even spell parenthesis. __________________ Err the Blog ones zeros majors and minors - a tumblelog

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread: