4 Contributors, 7 Replies, 49 Views, 1 Year Discussion Span, Last Post by rpv_sen
0

Hi,

I have a few questions:

  1. In your tags there are PHP and database: how are these involved in this issue?
  2. Are the static files served directly or by a script?
  3. Are these files stored in a folder that is accessible remotely?
  4. Are you trying to block access to all static files or only some specific types?
  5. Are you using Apache or IIS? (You said you are on Windows but not which server you're using).

Edited by cereal

0

Thanks cereal

PHP with MSSQL.
Files are stored in a folder and displayed from the database.
Yes
Yes
Server: Microsoft-IIS/8.0

Edited by rpv_sen: update extra information

0

OK, with Microsoft-IIS/8.0 you can try to add a rewrite rule to your web.config file:

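<!-- Goes inside <system.webServer><rewrite><rules>; requires the IIS URL Rewrite module. -->
<rule name="Prevent image hotlinking">
    <match url=".*\.(gif|jpg|png)$"/>
    <conditions>
        <!-- Both conditions must hold: the referrer is not empty AND it is not this site. -->
        <add input="{HTTP_REFERER}" pattern="^$" negate="true" />
        <add input="{HTTP_REFERER}" pattern="^http://site\.tld/.*$" negate="true" />
    </conditions>
    <!-- Matching requests get the placeholder image instead of the requested file. -->
    <action type="Rewrite" url="/images/say_no_to_hotlinking.jpg" />
</rule>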

As explained here:

Note: I don't have much experience with IIS, so I cannot help much further. If you still need help, wait for other DaniWebers. Bye!

0

If you're relying on the HTTP referrer header to prevent hot linking there are a couple of issues you might need to think about. The header can be spoofed. And it's not uncommon for the referrer to be blank, such as when someone bookmarks a resource.

I haven't attempted to block hot linking myself, but what I would try doing is setting a domain cookie so that at least you know they've visited your site. Then when they request the download, their browser will include the cookie in the request header, which you can test against.

If you need to protect resources more thoroughly, consider implementing a way for users to authenticate themselves, such as with a username and password, and/or restricting access by IP address.
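
One way to implement the cookie check suggested in the post above, as an added example that is not code from anyone in this thread: the cookie carries an expiry time signed with an HMAC, so a value cannot be made up or reused indefinitely the way a referrer header can be set to anything. The cookie name, the file directory, the `VISIT_COOKIE_KEY` environment variable and the function names are assumptions, as are an HTTPS site and PHP 7.3 or later.

```php
<?php
// Added example. VISIT_COOKIE, FILE_DIR and VISIT_COOKIE_KEY are assumed names.
const VISIT_COOKIE = 'site_visit';
const TOKEN_TTL    = 3600;                              // token lifetime in seconds
const FILE_DIR     = __DIR__ . '/../protected_files';   // assumed: outside the web root
const MIME_TYPES   = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'png' => 'image/png'];

function signing_key(): string {
    $key = getenv('VISIT_COOKIE_KEY');                  // assumed: secret set in the environment
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('VISIT_COOKIE_KEY missing or too short');
    }
    return $key;
}

function issue_token(int $now): string {
    $expires = (string)($now + TOKEN_TTL);
    return $expires . '.' . hash_hmac('sha256', $expires, signing_key());
}

function token_is_valid($token, int $now): bool {
    if (!is_string($token)) { return false; }           // a cookie can arrive as an array
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) { return false; }
    $expected = hash_hmac('sha256', $parts[0], signing_key());
    return hash_equals($expected, $parts[1]) && (int)$parts[0] >= $now; // constant-time compare
}

// Call on ordinary site pages before any output (the options array needs PHP 7.3+).
function mark_visit(): void {
    setcookie(VISIT_COOKIE, issue_token(time()), [
        'expires' => time() + TOKEN_TTL, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',  // not sent with cross-site image requests
    ]);
}

// Call from the download script with the requested file name.
function serve_file(string $requested): void {
    $name = basename($requested);                       // strips any directory components
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $path = FILE_DIR . '/' . $name;
    if (!token_is_valid($_COOKIE[VISIT_COOKIE] ?? null, time())) {
        http_response_code(403);                        // no valid visit token
    } elseif (!array_key_exists($ext, MIME_TYPES) || !is_file($path)) {
        http_response_code(404);                        // unknown type or missing file
    } else {
        header('Content-Type: ' . MIME_TYPES[$ext]);
        readfile($path);
    }
}
```

This only works if the files are reachable solely through the script; anything left in a folder that IIS serves directly bypasses the check.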
