Protection from hotlinking

Imagine a situation when one kind, good and pleasant in every respect the person has placed on the site a collection of pictures - the staff from any popular film. A picture use the big popularity, people actively looks them. It, naturally, is poured out in the quite good proceeding traffic from the server. For an example - this site generates the traffic approximately on 5-6 Gb in a month, and it at almost full absence of pictures! A site focused on a picture (well it is not necessary to accuse me of support xxx sites...), it is capable to generate the traffic in hundreds Gb. In a month. And it is necessary to pay for all this (for example, on 2.5 dollars for 1 Gb).

And suddenly this wonderful, remarkable altruist notices, that the traffic was doubled, at the same attendance. Hence, to pay it is necessary twice more! Why? It appears, any extremely bad person too has made a site with the same pictures. But, as such a picture in a network already is, the bad person has decided to not spend at the same time the traffic and to use a picture from a host of the good person. And the truth, teg img at all does not forbid use of pictures from other hosts, know write a full way. Also the bad person is pleased! Has played a dirty trick and is happy.

What to do{make} to the good person? To close a site? No! The great defender of mankind - .htaccess - comes to the aid! It is possible, it appears, to make so that picture was possible to use only to a that host on which they are. And to make it it is possible even in several ways - or through functions apache, or through mod_rewrite (the module apache, engaged perenapravleniem on other pages).

First we shall see, as it can be made through mod_rewrite. For this purpose it is necessary to define{determine}, whence there has come the visitor - if from the pages to start up it{him} to a picture. Otherwise - to send far and for a long time, and it is the best way on the sponsor:) it Is done{made} through a variable http_referer. it it is necessary to attribute in .htaccess:

authuserfile/dev/null

authgroupfile/dev/null

rewriteengine on

rewritecond % {http_referer}! ^http: // www.webhowto.ru/

rewritecond % {http_referer}! ^http: // webhowto.ru/

rewritecond % {http_referer}!> http://www.webhowto.ru:80 [nc]

rewritecond % {http_referer}!> http://webhowto.ru:80 [nc]

rewriterule/* http://www.yoursponsor.com/click.cgi [r, l]

And now imagine, as works mod_rewrite. All problem that processing of search by the server occurs in some stages. In brief: first apache processes url, and then puts him{it} in conformity files. The trouble that processing .htaccess occurs already after processing url, therefore to process instructions mod_rewrite correctly, apache does{makes} two times same. Naturally, it strongly brakes the server.

There is more convenient decision. In httpd.conf in the section concerning to a folder, or in .htaccess it is possible to add instructions to the server to not give a picture to unfamiliar clients. It is done{made} so:

setenvifnocase referer " ^http: // www.webhowto.ru " local_ref=1

<FILESMATCH?. (gif|jpg)?>

order allow, deny

allow from env=local_ref

</FILESMATCH>

Ur! Works! In sense, does not work!:)

It is necessary to add, that you quite can make the same way protection not only for jpg and gif, but also for any other files, see the documentation on apache for syntax of boxing filesmatch. That's all, on the saved money buy to itself halvahs and enjoy!