Re: [PLUG] My domain's .htaccess file is giving me fits

[george@georgesbasement.com]

Hello PLUG -

The saga continues ... my ISP has thrown up its hands in frustration and
replies to my questions with the IT equivalent of the cockkroach letter 
...
Risking some repetition, here is my current situation; stopping HEAD
requests is straightened out OK. The following is what caused my ISP to
freeze further service assistance:

> In September my shared server's Apache software was upgraded to Apache
> 2.4, but I was never informed until long afterwards, and no attempt was
> made to provide information about the changes that the upgrade would 
> bring.

> Much of the syntax needed for effective use of the .htaccess file has 
> been
> changed. Hotlink protection is a good example. The code I was using 
> prior
> to the changeover looked like this:

> > RewriteEngine on
> > RewriteCond %{HTTP_REFERER} ^http://(www\.)resizing\.info/ [NC,OR]
> > RewriteCond %{HTTP_REFERER} ^http://resizing\.info/ [NC,OR]
> ... snippage of a couple hundred lines ...
> > RewriteCond %{HTTP_REFERER} ^http://(www\.)1sm\.info/ [NC]
> > RewriteCond %{HTTP_REFERER} !^$
> > RewriteRule \.(jpeg|jpg|JPG|JPEG|bmp|BMP)$ - [F]

> This code worked, although there were a few domains that evaded it 
> somehow.
> It blocked specific hotlinkers; benign folks who included proper 
> attribution
> were implicitly allowed to continue. Whenever I added a hotlinker to my
> .htaccess file and uploaded that .htaccess file to my server, a reload 
> of
> the offending page got a "403 forbidden" response, right on my PC's 
> screen.

> Now comes Apache 2.4 and the recommended procedure to block hotlinkers 
> has
> been inverted:  See:
> https://www.inmotionhosting.com/support/website/protecting-files/hotlink-protect-htaccess

> This code blocks _all_ hotlinking, whether benign or not:

> > RewriteEngine on
> > RewriteCond %{HTTP_REFERER} !^$
> > RewriteCond %{HTTP_REFERER} !^http://(www\.)?my-website.com/.*$ [NC]
> > RewriteRule \.(jpg|jpeg|gif|png|bmp)$ 
> > http://www.my-website.com/restricted.html [R,L]

> Here is the page on which I based my attempt to block specific 
> hotlinkers:
> https://httpd.apache.org/docs/2.4/rewrite/access.html#blocked-inline-images

> The following lines from the above link use Apache 2.4 syntax to block
> _all_ hotlinkers:

> > RewriteEngine on
> > RewriteCond "%{HTTP_REFERER}" "!^$"
> > RewriteCond "%{HTTP_REFERER}" "!www.example.com" [NC]
> > RewriteRule "\.(gif|jpg|png)$"    "/images/go-away.png"   [R,NC]

> Below I am implicitly allowing benign hotlinking, but attempting to 
> block
> the folks who don't provide proper attribution. I started by removing
> the "!" negation symbol:

> > RewriteEngine on
> > RewriteCond "%{HTTP_REFERER}" "^$"
> > RewriteCond "%{HTTP_REFERER}"  "www.hotlinker01.info" [NC,OR]
> ... snippage of hundreds of domains ...
> > RewriteCond "%{HTTP_REFERER}"  "hotlinker02.com" [NC]
> > RewriteRule "\.(jpeg|jpg|png|JPG|JPEG|bmp|BMP|gif)$"  
> > "/images/Provide_Attribution.gif"

> While my version doesn't cause "500" errors, it doesn't block the
> hotlinkers, either.

Best regards,
George Langford
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug